Security
when surfing

Access restrictions are enforced via the content filter with Zero-Hour-Protection. The two virus scanners provide security when surfing on the Internet.

Protection
from attacks

With Deep Packet Inspection (DPI) and other efficient attack detection tools, the NextGen UTM-Firewall protects against e.g. industrial espionage and attacks from the Internet.

Secure
connectivity

Ability to link to any number of locations, provide VPN dial-up accesses and connect to mobile workplaces via different VPN protocols.

Secure
communication

Protection against viruses, phishing, spyware and malware via monitoring and adjustment of communication channels (email), also in the case of encrypted connections (POP3S/IMAPS).

One-time password
server (OTP)

The one-time password server is integrated completely into UTM and ensures high security two and three factor authentication. Free smartphone apps are available.

Mail
connector

The free Securepoint mail connector ensures the secure connection of POP3(S)/IMAP(S) accounts to your mail server via SMTP (STARTTLS).


Securepoint NextGen UTM-Firewall Buy

Webinar: NextGen UTM-Firewall - New features

Securepoint UTM 11.6 Neuheiten

Securepoint UTM 11.6 - New features

We are proud to present the latest release of our successful NextGen UTM-Firewall. There are many new features in Version 11.6. The area of bandwidth management (QoS) is of particular interest to us.


Complete all-inclusive UTM-Firewalls

Sicheres NetzwerkNextGen UTM-Firewalls provide companies with secure Internet access. They are a perfect fit for the structure and protection of modern company networks. Efficient IT security applications (firewall, VPN-Gateway, two virus/malware scanners, high-end spam filter, real-time content filter for web and email, Zero-Hour-Protection, IDS, authentication etc.) ensure a secure network operation across the board. A UTM system, at one central point, protects the entire network.

The NextGen UTM-Firewalls are delivered as a complete solution. Additional licences are not required for individual UTM functions.



 

Securepoint UTM 11.6Automatic bandwidth management

All protocols that are used, among other things, for communication are usually equal in the network. Under certain circumstances, applications that depend on a lower latency (e.g. VoIP telephony) no longer function optimally as a result. This is often due to a very busy connection to the network. The automatic QoS settings can, for example, prioritise the protocols of these applications and therefore favour them when the data is transferred.


New web filter interface

The configuration of the web filter (filtering websites via HTTP proxy) has been completely revised. The structure is now clearer and more intuitive and contains useful tools (e.g. hints when rules overlap are displayed).


Encryption and security settings

With NextGen UTM-Firewall Version 11.6, Securepoint allows you to specifically set the encryption protocols and algorithms of the applications in use according to your protection requirements, thus minimising attack vectors.


Additional new features

  • Enhancement of cloud backup using a time control
  • Netmap now also for service groups
  • Dyndns synchronisation behind NAT routers
  • Number of CPU cores extended to 64
  • Improved certification administration
  • Web interface performance has been further optimised and usability improved

 

Type:Securepoint NextGen UTM-Firewall
Brief overview of features:
  • Deep Packet Inspection Firewall (DPI)
  • Intrusion Detection System (IDS)
  • Zero-Hour-Protection
  • Two virus/malware scanners (Commtouch and ClamAV)
  • High-end spam filter
  • Real-time content filter for web and email
  • Extensive VPN connectivity (IPSEC, XAUTH, SSL-VPN, L2TP, PPTP)
  • Integrated free of charge Securepoint SSL-VPN client
  • No licence costs for VPN connections
  • Clientless VPN: Browser-based VPN without plug-in (HTML5, RDP, VNC)
  • Attack detection and defence
  • User identification (locally, active directory, LDAP)
  • Integrated one-time password server (OTP) for high security multiple factor authentication
  • Mail connector for secure connection of POP3(S)/ IMAP(S) accounts to your email server (SMTP)
  • Automatic bandwidth management - QoS (for lower latency e.g. with VoIP telephony)
  • Encryption protocols and algorithms can be customized for individual applications
  • Transparent filtering of HTTP, HTTPS (HTTPS interception), POP3 (transparent proxy)
  • Extensive treatment of spam in user interface and via spam records
  • Complete router functionality
  • Complete IPv6 support
  • Reliability when using multiple Internet accesses (fallback)
  • Load distribution across multiple Internet accesses (load balancing/multipath routing)
IPv6-ready:
Hardware versions (appliances):Black Dwarf UTM, RC100, RC200, RC300, RC400, RC700 and RC1000
Virtual environments:VMware, Microsoft Hyper-V® and Oracle VirtualBox
Dedicated hardware:
VPN clients included:
Subscription:Can subscribe for 1 to 5 years

 

IPv6AntivirusContent-FilterSpam-FilterDPI

 

Securepoint NextGen UTM-Firewall Range of Functions:

Operating Functions

Administrator Operation:

  • Languages: English, German
  • Auditable
  • Encryption of configurations, log data/reports
  • Real-time monitoring functions
  • Object-oriented configuration
  • Configuration backup management in Securepoint Cloud
  • Password/access data management
  • Configuration management (multiple configurations in one system)
  • Firmware management (update of firmware versions)
  • Backup management (configuration backups)
  • Configuration via:
    • CLI (Command Line Interface):
      Script-based management for automated rollouts
    • Web user interface:
      Single system management
    • Securepoint Operation Center (SOC):
      Multisystem management
  • SSH access to CLI
  • Customisable dashboard

 

End-user operation:

  • Languages: English, German
  • Clientless VPN (VPN via browser for RDP, VNC without additional plug-ins)
  • Download of automatically preconfigured SSL-VPN-Clients (OpenVPN)
  • Wake-on-LAN

Monitoring, logging and report functions

Monitoring, logging and reporting:

  • Two-man rule
  • Encryption of configurations, log data and reports
  • Anonymization of log data/reports
  • System/service status
  • Hardware status
  • Network status
  • Service/process status
  • Traffic status
  • VPN status
  • User authentication status
  • Live logging
  • Syslog protocol support and integrated syslog server (see SOC)
  • Logging to different syslog servers

SNMP:

  • SNMPv1
  • SNMPv2c
  • SNMP traps
  • Monitoring:
    • CPU, RAM, HDD/SSD/RAID, Ethernet
    • Internet connections

Statistics and reports (SOC):

  • Export statistics as PDF and CSV
  • Antivirus/antispam statistics
  • Alerts: Triggered alarms
  • Malware: Names, type, number
  • Top websites: Traffic to websites
  • Top surfers: All users that cause traffic
  • User’s traffic
  • Surfers+websites: Websites by users
  • Categories blocked by content/web filter
  • Blocked websites: websites that are blocked
  • Interface utilisation/traffic
  • SMTP attacks
  • IDS attack overview
  • IDS IP attackers and attack types
  • Top dropped packets
  • Top accepted packets
  • Top rejected packets
  • Top rejected emails
  • Top accepted emails
  • Top accepted/rejected emails
  • Top accepted mail servers
  • Top rejected mail servers
  • Top servers in greylisting whitelisted
  • Top servers in greylisting rejected

Network functions

IPv6-ready:

  • Configuration for external tunnel brokers (e.g. HE.net)
  • IPv6-DHCP and router advertisement
  • DHCP relay, also via VPN tunnel
  • Rules for DHCP are automatically created for the respective interface

 

LAN/WAN:

  • xDSL (PPPoE), cable modem
  • Load balancing
  • Bandwidth management
  • Time-controlled Internet connections
  • DynDNS support (free of charge via www.spdyn.de)

 

Routing:

  • Source routing
  • Destination routing
  • Multipath routing in mixed operation also (up to 15 lines)
  • NAT (Static/hide NAT), virtual IP addresses
  • BGP4

 

DHCP (IPv4/IPv6):

  • DHCP relay
  • DHCP client
  • DHCP server (dynamic/fixed IP)

 

DMZ:

  • Port forwarding
  • Port address translation (PAT)
  • Dedicated DMZ links

 

VLAN:

  • Max. 4094 VLANs per interface
  • 802.1q Ethernet header tagging
  • Can be combined with bridging

 

Bridge mode:

  • OSI-Layer 2 Firewall functions
  • Spanning tree (bridge ID, port cost)
  • Unlimited bridges
  • Unlimited interfaces per bridge

 

Traffic shaping/quality of service (QoS):

  • QoS/traffic shaping (also for VPN)
  • Adjustable upload/download stream traffic
  • All services can be configured separately
  • Minimum, maximum and guaranteed bandwidths can be configured individually
  • Multiple internet connections supported

 

High availability:

  • active/passive HA
  • Synchronisation of single/multiple connections

 

Name server:

  • Forwarder
  • Relay zones
  • Master zones (domain and reverse)

Network functions

Firewall deep packet inspection (DPI):

  • Deep packet inspection
  • Connection tracking TCP/UDP/ICMP
  • SPI and proxy can be combined
  • OSI-Layer 7-Filter
  • Time-controlled firewall rules, content/web filter, Internet connection
  • Group-based firewall rules, content/web filter, Internet connection
  • Supported protocols: TCP, UDP, ICMP, GRE, ESP, AH

 

Implied rules configuration:

  • Standard services such as Bootp, Netbios Broadcast... can be removed from logging by On-Click
  • Access can be granted via On-Click for standard services such as VPN without a rule having to be written
  • Static NAT, Hide NAT and other exceptions can be configured in the packet filter

 

VPN:

  • VPN and certificate assistant

 

Clientless VPN:

  • Client-to-Site (VPN home offices)
  • VPN via browser for RDP/VNC without additional plug-ins (modern browsers)
  • Authentication: Active directory, local user database
  • SSL encryption

IPSec:

  • Site-to-Site (VPN branches)
  • Client-to-Site (VPN home offices)
  • Authentication: Active directory, local user database
  • Encryption: 3DES, AES 128/ 256Bit, Twofish
  • Hash-Algo., MD5-HMAC/SHA1, SHA2
  • Windows 7/8-ready with IKEv1, IKEv2
  • Preshared Keys (PSK)
  • X.509 certificate
  • Tunnel mode
  • DPD (Dead Peer Detection)
  • NAT-T
  • Data compression
  • PFS (Perfect Forward Secrecy)
  • XAUTH, L2TP

SSL:

  • Site-to-Site (VPNbranches)
  • Client-to-Site (VPN home offices)
  • Authentication: Active directory, local user database
  • SSL encryption (OpenVPN)
  • Encryption: 3DES, AES (128, 192, 256) CAST5, Blowfish
  • Routing mode-VPN
  • X.509 certificate
  • TCP/UDP port can be changed
  • Data compressio
  • Export für One-Click-Connection

L2TP:

  • Client-to-Site (VPN home offices)
  • Authentication: Active directory, radius, local user database
  • Windows L2TP support

PPTP (not recommended):

  • Client-to-Site (VPN home offices)
  • Authentication: Active directory, radius, local user database
  • Windows PPTP support

 

X.509 Certificate server: 

  • Certificate blocklist (CRL)
  • Multi-CA support
  • Multi-host certificate support

 

VPN clients (free):

OpenVPN client (OpenVPN):

  • Can be configured centrally via administration interface
  • Including configuration that can be downloaded via user web interface
  • Can be executed without admin rights with Windows
  • Operation: On-Click-VPN-Connection

Clientless VPN:

  • Can be configured centrally via admin interface
  • Can be called up via user interface
  • Operation: On-Click-VPN-Connection

 

Antivirus (AV):

  • Two virus scanners as standard:
    • Commtouch AV & ClamAV
  • Virus scanner cascadable SMTP, POP3
  • Scan protocols: HTTP, HTTPS, FTP over HTTP, POP3, SMTP
  • Encrypted data scanned (SSL interception/bump)
  • Compromised data, archives (zip etc.) and attachments scanned
  • Manual and automatic updates

 

Antispam (AS):

  • Protocols SMTP, POP3
  • Authentication: Active directory, LDAP, local user database
  • Zero day protection
  • RBL lists (SMTP)
  • Black/whitelists
  • Greylisting (SMTP)
  • Regular expressions
  • SMTP gateway:
    • Greeting pause, protection against “recipient flooding”, Rate control
    • Greylisting with whitelists of email addresses and domains
    • Email address validation directly via SMTP protocol
  • Can be combined with content filter (blocking categories such as pornography etc.)

 

Proxies: 

  • HTTP, HTTPS, FTP over HTTP, POP3, SMTP, SIP/RTP, VNC
  • Transparent mode (HTTP, POP3)
  • Authentication: Active directory, LDAP, local user database
  • Integrated URL/content/web filter (see content/web filter)
  • Integrated antivirus system (see AV)
  • Integrated spam filter (see AS)
  • Group/time-controlled rules

Reverse proxy:

  • Reverse proxy for HTTP, HTTPS
  • Load balancing on internal server
  • Bandwidth management
  • Different filter options

 

Content/web filter: 

  • Content filter with 46 categories
  • Category-based website blocks
  • Authentication: active directory, local user database
  • Scan technology with online database
  • URL filter with import/export URL lists
  • Black/whitelists
  • File extension/MIME type filter
  • Advertising blocked (approx. 50% of adverts removed from websites)

 

IDS/IPS:

  • Protection against DoS/dDoS attacks
  • Port scan protection
  • Invalid network packet protection
  • Automated warning (email etc.)

 

User authentication:

  • Complete active directory integration
  • Authentication against active directory for all VPN protocols, filters and proxies of UTM
  • And also radius authentication for VPN protocols PPTP/L2TP

 

Backup:

  • Locally in the workplace, locally in UTM/VPN system, in SOC database and Securepoint Cloud
  • Automatic and time-based backups
  • Backups can be encrypted
  • Backups possible on. running system

 

One-time password (OTP):

  • Integrated one-time password server for high security two and three factor authentication

 

Mail connector:

  • Integrated for retrieving emails via POP3(S)/IMAP(S) and forwarding via SMTP
  • Increases spam detection and virus protection

Black Dwarf UTM Suitable for up to 10 users
Small- & Home Office UTM series

Black Dwarf UTM WiFi/UMTS

  • Firewall, VPN, 2 x virus scanner, spam filter, web filter, IDS, authentication etc.
  • IPv6-ready
  • 3 x 10/100/1000 MBit/s LAN ports
  • WLAN/WiFi (300 MBit/s) ready
  • UMTS (3G) optional
  • Including VPN clients
  •  

RC100 UTM Suitable for up to 25 users
Small Office UTM Series

RC100 UTM WiFi/UMTS

  • Firewall, VPN, 2 x virus scanner, spam filter, web filter, IDS, authentication etc.
  • IPv6-ready
  • 4 x 10/100/1000 MBit/s LAN ports
  • WLAN/WiFi (300 MBit/s) optional
  • UMTS (3G) optional
  • Including VPN clients
  • optional 19" Rackmount kit

RC200 UTM Suitable for up to 50 users
Small Enterprise UTM Series

RC200 UTM WiFi/UMTS

  • Firewall, VPN, 2 x virus scanner, spam filter, web filter, IDS, authentication etc.
  • IPv6 ready
  • 4 x 10/100/1000 MBit/s LAN-Ports
  • WLAN/WiFi (300 MBit/s)optional
  • UMTS (3G) optional
  • Including VPN clients
  • optional 19" Rackmount kit

RC300 UTM (19-inch rack 1 RU) Suitable for up to 150 users
Small Enterprise UTM Series

RC300 UTM

  • Firewall, VPN, 2 x virus scanner, spam filter, web filter, IDS, authentication etc.
  • IPv6-ready
  • 6 x 1 GBit/s LAN ports
    Can be enhanced by 1 GBit, 10 GBit, fibre optic (SFP+) LAN ports
  • Including VPN clients

RC400 UTM (19-inch rack 1 RU) Suitable for up to 250 users
Medium Enterprise UTM Series

RC400 UTM

  • Firewall, VPN, 2 x virus scanner, spam filter, web filter, IDS, authentication etc.
  • IPv6-Ready
  • 10 x 1 GBit/s LAN-Ports
    Can be enhanced by 1 GBit, 10 GBit, fibre optic (SFP+) LAN ports
  • Including VPN-Clients

RC700 UTM (19-inch rack 1 RU) Suitable for up to 500 users
Medium Enterprise UTM Series

RC700 UTM

  • Firewall, VPN, 2 x virus scanner, spam filter, web filter, IDS, authentication etc.
  • IPv6-ready
  • 14 x 1 GBit/s LAN ports
    Can be equipped with 10 GBit (RJ45), fibre optic (SFP+) LAN ports
  • Including VPN clients

RC1000 UTM (19-inch rack RU) Suitable for up to 1000 users
Large Enterprise UTM Series

RC1000 UTM

  • Firewall, VPN, 2 x virus scanner, spam filter, web filter, IDS, authentication etc.
  • IPv6-ready
  • 4 x 1 GBit/s LAN ports
    Can be enhanced by 1 GBit, 10 GBit, fibre optic (SFP+) LAN ports
  • Including VPN clients

VM UTM (virtual machines) Suitable for 1 to 2,500 users
Computer centres and ISPs

VM UTM (virt. machines)

  • Firewall, VPN, 2 x virus scanner, spam filter, web filter, IDS, authentication etc.
  • IPv6-ready
  • Up to 16 LAN ports, can be enhanced with VLAN

Cloud UTM Suitable for 1 to 2,500 users
Computer centres and ISPs

UTM firewalls

  • Firewall, VPN, 2 x virus scanner, spam filter, web filter, IDS, authentication etc.
  • IPv6-ready
  • Up to 16 LAN ports, can be enhanced with VLAN

 

Please fill in any case from the fields marked with *.
CAPTCHA image for SPAM prevention If you can't read the word, click here.


10 Top Arguments for the Securepoint UTM-Gateways and Appliances

  1. NextGen UTM-Firewall with high-end functionality (Deep Packet Inspection).
  2. Spam filter with a 99% detection rate and server synchronisation via our computer centre.
  3. Virus scanner: Automatically pre-installed and activated virus scanner that checks emails, file attachments (also packed) and web accesses for viruses.
  4. Web content filter: Restrict your employees’ or your children’s access to the Internet and specify which email attachments are permitted.
  5. Antiphishing/antispyware: Integrated protection against unauthorised access to sensitive data (such as online banking or passwords)
  6. VPN-Gateway: Establish secure connections to your company/branch or the home office.
  7. Web management for comfortable, simple and intuitive operation and administration: With the installation assistant, this takes only a matter of seconds.
  8. Automatic updates enable automated, hourly updates if you have an active licence.
  9. Automatic time function enables the time of all computers in the network to be synchronised automatically.
  10. High performance and low costs in an extremely quick and secure configuration.

Maintenance/licence:
To ensure that your NextGen UTM-Firewall is always up to date with respect to virus updates/spam filters/software updates and so on, you require a licence, which you must activate and purchase for at least one year.