UTM firewall and VPN functions

UTM firewall functions

Functions for UTM firewall operators

  • Languages: English, German
  • Accessibility: Mode for colour blindness
  • Audit-ready
  • Real-time monitoring functions
  • Configuration management (multiple configurations on one system)
  • Triple firmware system (optimal security for upgrades)
  • Backup management (manual, automatic via cloud)
  • Configuration via:
    • Web user interface: single-system management
    • Unified Security Console (USC): multi-system management*
    • CLI (Command Line Interface): console-based administration, scripting and remote administration possible
    • SSH access to CLI
    • Console: serial interface
  • Interface adapts to browser resolution (Responsive)
  • Customisable dashboards

* Only usable with public IP address on the external interface

  • Languages: English, German
  • Comprehensive spam management incl. authorisation system
  • Clientless VPN (browser-based connection via RDP/VNC without additional plug-ins (HTML5))
  • Download of automatically pre-configured SSL VPN clients (OpenVPN)
  • Wake-on-LAN
  • Captive portal incl. user administration
  • Change password

UTM functions for monitoring, logging and reporting

  • Acute status reports by e-mail
  • Prepared status reports as a separate service - Unified Security Report (USR)
  • Anonymisation of log data/reports
  • System/service/process status
  • Hardware status
  • Network status
  • Traffic status
  • VPN status
  • User authentication status
  • Live logging
  • Syslog protocol support and integrated syslog server
  • Logging to various syslog servers via UDP and TCP
  • Sensors for RMM systems
  • SNMPv1
  • SNMPv2c
  • SNMPv3
  • Monitoring: system status, application status, VPN connections (IPSec and OpenVPN), mail queue, network load and others

  • Visualisation of the security status of devices and services
  • Current risk assessments of the individual services (e.g. alerts, viruses, e-mail quarantine and user activities)
  • Devices, licences, users
  • Traffic and security categories
  • Performance of the systems used
  • Risk assessments and recommendations for action

The network functions of the UTM firewalls

  • Internet connection via LTE/UMTS
  • LTE/UMTS use as fallback
  • Virtual WLANs (e.g. guest networks)
  • Authentication: WPA, WPA2-Enterprise, WPA2-Personal, WPA3-Enterprise, WPA3-Personal, WPA3-OWE
  • 2.4 or 5 GHz, 802.11 n/ac
  • WLAN monitoring
  • Encryption: WPA2 and WPA3
  • Automatic channel search
  • PPPoE (xDSL)
  • DHCP client
  • Static IP configuration
  • PPTP
  • Load balancing
  • Bandwidth management
  • Time-controlled Internet connections
  • DynDNS support (free of charge for resellers via www.spdyn.de)
  • LTE/UMTS 2G, 3G, 4G (Black Dwarf SB, Black Dwarf Pro, RC100, RC200)
  • Prefix delegation for Ethernet and PPPoE
  • IPv6 DHCP and Router Advertisement
  • DHCP relay, also through VPN tunnel
  • Rules for DHCP are automatically created for the respective interfaces
  • Configuration for external tunnel brokers
  • Source Routing
  • Destination Routing
  • Policy-Based Routing
  • Multipath routing also in mixed mode (up to 15 lines)
  • NAT (Static-/Hide-NAT), virtual IP addresses
  • BGP4/OSPF/RIP
  • DHCP Relay
  • DHCP client
  • DHCP server (Dynamic/Fixed IP)
  • Port forwarding
  • Port Address Translation (PAT)
  • Dedicated DMZ links
  • 802.1q ethernet header tagging
  • Can be combined with bridging
  • Spanning Tree (Bridge ID, Port Cost)
  • Number of bridges is not limited in the software
  • Number of interfaces per bridge is not limited in the software
  • Automatic QoS settings prioritise based on TOS/DSCP to ensure lower latencies
  • QoS/traffic shaping also for VPN
  • Up-/Download stream traffic adjustable
  • Active-Passive HA
  • Synchronisation of the IP connections
  • Forwarder
  • Relay zones
  • Master zones (domain and reverse)
  • DNSSEC
  • DNS Rebinding Prevention

The traffic filter functions of the firewalls

  • Deep Packet Inspection
  • Connection Tracking TCP/UDP/ICMP
  • SPI and proxy combinable
  • OSI layer 7 filter
  • Time-controlled firewall rules, content/web filter, Internet connection
  • Supported protocols: TCP, UDP, ICMP, GRE, ESP, AH
  • Geo-IP blocking
  • Standard services such as Bootp and Netbios Datagram, Session Service and Name Service can be removed from the logging.
  • Standard services such as VPN can be granted access without writing a rule for them.
  • Static-NAT, Hide-NAT and their exceptions configurable in the packet filter
  • Geo-IP blocking
  • Virus scanner for mails
  • Scan of compressed data, archives (zip etc.) and attachments
  • Automatic updates
  • The antivirus is available in the modules http/s proxy, mail filter
  • Protocols when using mail filter/mail relay: SMTP, SMTPS
  • Protocols when using mail connector: IMAP, IMAPS, POP3, POP3S
  • Authentication: Active Directory, LDAP, local user database
  • Configurable filter
  • Zero-day protection
  • Allow/block lists
  • Grey listing (SMTP)
  • Regular Expressions
  • SMTP-Gateway:
    • Greeting Pause, Recipient Flooding Protection, Rate Control
    • Greylisting with whitelists of email addresses and domains
    • E-mail address validation directly via SMTP protocol
  • Can be combined with URL content filter (blocking of categories such as Danger, Hacking, Pornography etc.)
  • Integrated for retrieving emails via POP3(S)/IMAP(S) and forwarding via SMTP
  • Modern Authentication: OAuth2 provider e.g. for Google Workspace and Microsoft 365
  • Increases spam detection and virus protection
  • Protocols: HTTP, HTTPS, FTP over HTTP
  • SNI support
  • Transparent mode (HTTP, HTTPS)
  • Authentication: Active Directory, local user database
  • Integrated URL/content/web filter (see content/web filter)
  • Integrated antivirus system (see Antivirus)
  • Group/time-controlled rules
  • Protocol: POP3
  • Transparent mode
  • Authentication: Active Directory, local user database
  • Integrated URL filter (see Content/Web filter)
  • Integrated antivirus system (see Antivirus)
  • Integrated spam filter (see Antispam)
  • Protocol: SMTP
  • SASL authentication
  • Grey-Listing
  • Greeting Pause
  • Category-based website blocking with over 40 categories
  • Authentication: Active Directory (Kerberos, NTLM, Basic-Auth), LDAP (Basic-Auth), local user database (Basic-Auth)
  • Profile-based access control based on IP addresses or user groups
  • Scan technology with online database
  • URL filter with URL lists
  • Allow/block lists
  • File extension/MIME types filter
  • Safesearch (only works with activated full SSL-Interception)
  • Advertising blocking (removes approx. 50% of advertisements from websites)
  • URL shortener
  • Protection against DoS/DDoS attacks
  • DNS rebinding protection
  • Portscan Protection
  • Invalid Network Packet Protection
  • IP blocking after failed logins to services of the UTM (FailToBan)
  • Threat Intelligence Filter - Cloud-based filter for blocking / logging potentially dangerous connections

More functions

  • Active Directory
  • LDAP
  • Local user database
  • Authentication against Active Directory, LDAP and the local user database for all VPN protocols, filters and proxy of the UTM
  • Radius (only for SSL VPN, http proxy)
  • Reverse proxy for HTTP, HTTPS
  • Certificate-based authentication
  • Load balancing on internal servers
  • Bandwidth management
  • Various filter options
  • Automatic certificate renewal through Let's Encrypt/ACME
  • Configuration contains all settings of the UTM firewall
  • Local at the workstation and Securepoint Cloud
  • Automatic and time-based creation of cloud backups
  • Cloud backups can be encrypted
  • Cloud backups can be restored and downloaded via the USC
  • Integrated one-time password server for highly secure multi-factor authentication (MFA).
  • Method: TOTP
  • Usable with: Admin / user interface, SSL VPN, IPsec, SSH
  • Automatic redirection of users
  • HTTPS certificate changeable (see X.509 certificate server)
  • Specification of terms of use
  • Dynamic rules (port filter) for logged-in users
  • Optional user login with user name and password
  • Delegation of user administration to the user interface
  • Captive Portal design is customisable
  • UI of the Captive Portal can be stored in several languages
  • Certificate Revocation List (CRL)
  • Multi-CA support
  • Multi-host certificate support
  • Let's Encrypt/ACME directly integrated
  • Support of Hyper-V®, VMware® (from version 4.1), KVM

VPN functions

  • Site-to-Site (network coupling)
  • End-to-Site (connection of individual devices)
  • IKE method: IKEv2 and IKEv1
  • Encryption: AES CBC, AES GCM, 3DES and others
  • Hash algo: SHA2 (512,256,128), SHA1, MD5
  • DH groups: 2, 5, 14, 15, 16, 17, 18, 19, 20, 21
  • Authentication: Preshared Keys (PSK), X.509 certificates, RSA keys, MS-CHAPv2, EAP-TLS
  • Authentication: Active Directory, local user database
  • DPD (Dead Peer Detection)
  • NAT-T (MOBIKE configurable)
  • Data compression
  • PFS (Perfect Forward Secrecy)
  • Route and policy mode VPN
  • Site-to-Site (network coupling)
  • End-to-Site (connection of individual devices)
  • Authentication: Active Directory, local user database
  • Encryption: AES CBC, AES GCM, 3DES and others
  • Hash algo: SHA2 (512,256,128), SHA1, MD5, Whirlpool
  • Routing mode VPN
  • X.509 certificates
  • TCP/UDP and port changeable
  • Data compression
  • Export of configurations for end-to-site
  • SSL VPN clients for iOS/iPadOS, Android and Windows
  • Multiple instances can be created
  • Site-to-Site (network coupling)
  • End-to-Site (connection of individual devices)
  • Key exchange: Curve25519 (ECDHE)
  • Encryption of user data: ChaCha20 and Poly1305
  • Hashing: BLAKE2s
  • Authentication: x25519 key and PSK
  • Routing mode VPN
  • UDP port freely selectable

Securepoint SSL VPN Client (OpenVPN) for Windows

  • Including configuration downloadable via user web interface
  • Usable without admin rights under Windows
  • Browser-based connection via RDP/VNC without additional plug-ins (HTML5)
  • Authentication: Active Directory, local user database
  • SSL encryption
  • Accessible via user interface
