ProSecure Unified Threat Management (UTM) Appliance Reference Manual
Network and System Management 10-5
v1.0, January 2010
– URL blocking. You can specify up to 200 URLs that are blocked by the UTM. For more
information, see “Configuring Web URL Filtering” on page 6-30.
– Web services blocking. You can block Web services such as instant messaging and peer-
to-peer services. For more information, see “Customizing Web Protocol Scan Settings and
Services” on page 6-19.
– Web object blocking. You can block the following Web component types: embedded
objects (ActiveX, Java, Flash), proxies, and cookies, and you can disable Java scripts. For
more information, see “Configuring Web Content Filtering” on page 6-23.
– Setting the size of Web files to be scanned. Scanning large Web files requires network
resources and might slow down traffic. You can specify the maximum file size that is
scanned, and if files that exceed the maximum size are skipped (which might compromise
security) or blocked. For more information, see “Configuring Web Malware Scans” on
page 6-21.
For these features (with the exception of Web object blocking and setting the size of files to be
scanned), you can set schedules to specify when Web content is filtered (see “Configuring
Web Content Filtering” on page 6-23) and configure exceptions for groups (see “Setting Web
Access Exception Rules” on page 6-41).
Source MAC Filtering
If you want to reduce outgoing traffic by preventing Internet access by certain PCs on the LAN,
you can use the source MAC filtering feature to drop the traffic received from the PCs with the
specified MAC addresses. By default, this feature is disabled; all traffic received from PCs with
any MAC address is allowed. See “Enabling Source MAC Filtering” on page 5-42 for the
procedure on how to use this feature.
Features That Increase Traffic
The following features of the UTM tend to increase the traffic load on the WAN-side:
• LAN WAN inbound rules (also referred to as port forwarding)
• DMZ WAN inbound rules (also referred to as port forwarding)
• Port triggering
• Enabling the DMZ port
• Configuring Exposed hosts
• Configuring VPN tunnels