UTM firewall and VPN functions

• Languages: English, German
• Accessibility: Mode for colour blindness
• Audit-ready
• Real-time monitoring functions
• Configuration management (multiple configurations on one system)
• Triple firmware system (optimal security for upgrades)
• Backup management (manual, automatic via cloud)
• Configuration via:
   
  • Web user interface: single-system management
  • Unified Security Console (USC): Multi-System Management*
    • CLI (Command Line Interface): Console-based administration - scripting and remote administration possible
    • SSH access to CLI
    • Console - Serial interface
• Interface adapts to browser resolution (Responsive)
• Customisable dashboards

* Only usable with public IP address on the external interface

• Languages: English, German
• Comprehensive spam management incl. authorisation system
• Clientless VPN (browser-based connection via RDP/ VNC without additional plug-ins (HTML5))
• Download of automatically pre-configured SSL VPN clients (OpenVPN)
• Wake-on-LAN
• Captive portal incl. user administration
• Change password

• Acute status reports by e-mail
• Prepared status reports as a separate service - Unified Security Report (USR)
• Anonymisation of log data/reports
• System/service/process status
• Hardware status
• Network status
• Traffic status
• VPN status
• User authentication status
• Live logging
• Syslog protocol support and integrated syslog server
• Logging to various syslog servers Syslog server via UDP and TCP
• Sensors for RMM systems

• SNMPv1
• SNMPv2c
• SNMPv3
• Monitoring:

System status, application status, VPN connections (IPSec and OpenVPN), mail queue, network load and others.

• Visualisation of the security status of devices and services
• Current risk assessments of the individual services (e.g. alerts, viruses, e-mail quarantine and user activities)
• Devices, licences, users
• Traffic and security categories
• Performance of the systems used
• Risk assessments and recommendations for action

• Internet connection via LTE/UMTS
• LTE/UMTS use as fallback

• Virtual WLANs (e.g. guest networks)
• Authentication: WPA, WPA2-Enterprise, WPA2-Personal, WPA3-Enterprise, WPA3-Personal, WPA3-OWE
• 2.4 or 5 GHz, 802.11 n/ac
• WLAN monitoring
• Encryption: WPA2 and WPA3
• Automatic channel search

• PPPoE (xDSL)
• DHCP client
• Static IP configuration
• PPTP
• Load balancing
• Bandwidth management
• Time-controlled Internet connections
• DynDNS support (free of charge for resellers via www.spdyn.de)
• LTE/ UMTS 2G, 3G, 4G (Black Dwarf SB, Black Dwarf Pro, RC100, RC200)

• Prefix delegation for Ethernet and PPPoE
• IPv6 DHCP and Router Advertisment
• DHCP relay, also through VPN tunnel
• Rules for DHCP are automatically created for the respective interfaces
• Configuration for external tunnel brokers

• Source Routing
• Destination Routing
• Policy-Based Routing
• Multipath routing also in mixed mode (up to 15 lines)
• NAT (Static-/Hide-NAT), virtual IP addresses
• BGP4/OSPF/RIP

• DHCP Relay
• DHCP client
• DHCP server (Dynamic/Fixed IP)

• Port forwarding
• Port Address Translation (PAT)
• Dedicated DMZ links

• 802.1q ethernet header tagging
• Can be combined with bridging

• Spanning Tree (Bridge ID, Port Cost)
• Number of bridges is not limited in the software
• Number of interfaces per bridge is not limited in the software

• Automatic QoS settings prioritise based on TOS/DSCP to ensure lower latencies
• QoS/traffic shaping also for VPN
• Up-/Download stream traffic adjustable

• Active-Passive HA
• Synchronisation of the IP connections

• Forwarder
• Relay zones
• Master zones (domain and reverse)
• DNSSEC
• DNS Rebinding Prevention

• Deep Packet Inspection
• Connection Tracking TCP/UDP/ICMP
• SPI and proxy combinable
• OSI layer 7 filter
• Time-controlled firewall rules, content/web filter, Internet connection
• Supported protocols: TCP, UDP, ICMP, GRE, ESP, AH
• Geo-IP blocking

• Standard services such as Bootp and Netbios Datagram, Session Service and Name Service can be removed from the logging.
• Standard services such as VPN can be granted access without writing a rule for them.
• Static-NAT, Hide-NAT and their exceptions configurable in the packet filter
• Geo-IP blocking

• Virus scanner for mails
• Scan of compressed data, archives (zip etc.) and attachments
• Automatic updates
• The antivirus is available in the modules http/s proxy, mail filter

• Protocols when using mail filter/mail relay : SMTP, SMTPS
• Protocols when using mail connector: IMAP, IMAPS, POP3, POP3S
• Authentication: Active Directory, LDAP, local user database
• Configurable filter
• Zero-day protection
• Allow/block lists
• Grey listing (SMTP)
• Regular Expressions
• SMTP-Gateway:
  • Greeting Pause, Recipient Flooding Protection, Rate Control
  • Greylisting with whitelists of email addresses and domains
  • E-mail address validation directly via SMTP protocol
• Can be combined with URL content filter (blocking of categories such as Danger, Hacking, Pornography etc.)

• Integrated for retrieving emails via POP3(S)/ IMAP(S) and forwarding via SMTP
• Modern Authentication: OAuth2 provider e.g. for Google Workspace and Microsoft 365
• Increases spam detection and virus protection

• Protocols: HTTP, HTTPS, FTP over HTTP
• SNI support
• Transparent mode (HTTP, HTTPS)
• Authentication: Active Directory, local user database
• Integrated URL/content/web filter (see content/web filter)
• Integrated antivirus system (see Antivirus)
• Group/time-controlled rules

• Protocol: POP3
• Transparent mode
• Authentication: Active Directory, local user database
• Integrated URL filter (see Content/Web filter)
• Integrated antivirus system (see Antivirus)
• Integrated spam filter (see Antispam)

• Protocol: SMTP
• SASL authentication
• Grey-Listing
• Greeting Pause

• Category-based website blocking with over 40 categories
• Authentication: Active Directory (Kerberos, NTLM, Basic-Auth), LDAP (Basic-Auth), local user database (Basic-Auth)
• Profile-based access control based on IP addresses or user groups
• Scan technology with online database
• URL filter with URL lists
• Allow/block lists
• File extension/MIME types filter
• Safesearch (only works with activated full SSL-Interception)
• Advertising blocking (removes approx. 50% of advertisements from websites)
• URL shortener

• Protection against DoS/DDoS attacks
• DNS rebinding protection
• Portscan Protection
• Invalid Network Packet Protection
• IP blocking in case of faulty logon to services of the UTM (FailToBan)
• Threat Intelligence Filter - Cloud-based filter for blocking / logging potentially dangerous connections

• Active Directory
• LDAP
• Local user database
• Authentication against Active Directory, LDAP and the local user database for all VPN protocols, filters and proxy of the UTM
• Radius (only for SSL VPN, http proxy)

• Reverse proxy for HTTP, HTTPS
• Certificate-based authentication
• Load balancing on internal servers
• Bandwidth management
• Various filter options
• Automatic certificate renewal through Let's Encrypt/ACME

• Configuration contains all settings of the UTM firewall
• Local at the workstation and Securepoint Cloud
• Automatic and time-based creation of cloud backups
• Cloud backups can be encrypted
• Cloud backups can be restored and downloaded via the USC

• Integrated one-time password server for highly secure multi-factor authentication (MFA).
• Method: TOTP
• Usable with: Admin / user interface, SSL VPN, IPsec, SSH

• Automatic redirection of users
• HTTPS certificate changeable (see X.509 certificate server)
• Specification of terms of use
• Dynamic rules (port filter) for logged-in users
• Optional user login with user name and password
• Delegation of user administration to the user interface
• Captive Portal design is customisable
• UI of the Captive Portal can be stored in several languages

• Certificate Revocation List (CRL)
• Multi-CA support
• Multi-host certificate support
• Let's Encrypt/ACME directly integrated

• Support of Hyper-V®, VMware® (from version 4.1), KVM

• Site-to-Site (network coupling)
• End-to-Site (connection of individual devices)
• IKE method: IKEv2 and IKEv1
• Encryption: AES CBC, AES GCM, 3DEs and others
• Hash algo: SHA2 (512,256,128), SHA1, MD5
• DH groups: 2, 5, 14, 15, 16, 17, 18, 19, 20, 21
• Authentication: Preshared Keys (PSK), X.509 certificates, RSA keys, MS-CHAPv2, EAP-TLS
• Authentication: Active Directory, local user database
• DPD (Dead Peer Detection)
• NAT-T (MOBIKE configurable)
• Data compression
• PFS (Perfect Forward Secrecy)
• Route and policy mode VPN
• Daten-Kompression
• PFS (Perfect Forward Secrecy)
• Route- und Policy-Mode VPN

• Site-to-Site (network coupling)
• End-to-Site (connection of individual devices)
• Authentication: Active Directory, local user database
• Encryption: AES CBC, AES GCM, 3DEs and others
• Hash algo: SHA2 (512,256,128), SHA1, MD5m Whirlpool
• Routing mode VPN
• X.509 certificates
• TCP/UDP and port changeable
• Data compression
• Export of configurations for end-to-site
• SSL VPN clients for iOS/iPadOS, Android and Windows
• Multiple instances can be created

• Site-to-Site (network coupling)
• End-to-Site (connection of individual devices)
• Key exchange: Curve25519 (ECDHE)
• Encryption of user data: ChaCha20 and Poly1305
• Hashing: BLAKE2s
• Authentication: x25519 key and PSK
• Routing mode VPN
• UDP port arbitrary selectable

Securepoint SSL VPN Client (OpenVPN) for Windows

• Including configuration downloadable via user web interface
• Application without admin rights under Windows

• Browser-based connection via RDP/VNC without additional plug-ins (HTML5)
• Authentication: Active Directory, local user database
• SSL encryption
• Accessible via user interface