Functions for UTM firewall operators
- Languages: English, German
- Accessibility: Mode for colour blindness
- Audit-ready
- Real-time monitoring functions
- Configuration management (multiple configurations on one system)
- Triple firmware system (optimal security for upgrades)
- Backup management (manual, automatic via cloud)
- Configuration via:
- Web user interface: single-system management
- Unified Security Console (USC): Multi-System Management*
- CLI (Command Line Interface): Console-based administration - scripting and remote administration possible
- SSH access to CLI
- Console - Serial interface
- Interface adapts to browser resolution (Responsive)
- Customisable dashboards
* Only usable with public IP address on the external interface
- Languages: English, German
- Comprehensive spam management incl. authorisation system
- Clientless VPN (browser-based connection via RDP/ VNC without additional plug-ins (HTML5))
- Download of automatically pre-configured SSL VPN clients (OpenVPN)
- Wake-on-LAN
- Captive portal incl. user administration
- Change password
UTM functions for monitoring, logging and reporting
- Acute status reports by e-mail
- Prepared status reports as a separate service - Unified Security Report (USR)
- Anonymisation of log data/reports
- System/service/process status
- Hardware status
- Network status
- Traffic status
- VPN status
- User authentication status
- Live logging
- Syslog protocol support and integrated syslog server
- Logging to various syslog servers Syslog server via UDP and TCP
- Sensors for RMM systems
- SNMPv1
- SNMPv2c
- SNMPv3
- Monitoring:
System status, application status, VPN connections (IPSec and OpenVPN), mail queue, network load and others.
- Visualisation of the security status of devices and services
- Current risk assessments of the individual services (e.g. alerts, viruses, e-mail quarantine and user activities)
- Devices, licences, users
- Traffic and security categories
- Performance of the systems used
- Risk assessments and recommendations for action
The network functions of the UTM firewalls
- Internet connection via LTE/UMTS
- LTE/UMTS use as fallback
- Virtual WLANs (e.g. guest networks)
- Authentication: WPA, WPA2-Enterprise, WPA2-Personal, WPA3-Enterprise, WPA3-Personal, WPA3-OWE
- 2.4 or 5 GHz, 802.11 n/ac
- WLAN monitoring
- Encryption: WPA2 and WPA3
- Automatic channel search
- PPPoE (xDSL)
- DHCP client
- Static IP configuration
- PPTP
- Load balancing
- Bandwidth management
- Time-controlled Internet connections
- DynDNS support (free of charge for resellers via www.spdyn.de)
- LTE/ UMTS 2G, 3G, 4G (Black Dwarf SB, Black Dwarf Pro, RC100, RC200)
- Prefix delegation for Ethernet and PPPoE
- IPv6 DHCP and Router Advertisment
- DHCP relay, also through VPN tunnel
- Rules for DHCP are automatically created for the respective interfaces
- Configuration for external tunnel brokers
- Source Routing
- Destination Routing
- Policy-Based Routing
- Multipath routing also in mixed mode (up to 15 lines)
- NAT (Static-/Hide-NAT), virtual IP addresses
- BGP4/OSPF/RIP
- Spanning Tree (Bridge ID, Port Cost)
- Number of bridges is not limited in the software
- Number of interfaces per bridge is not limited in the software
- Automatic QoS settings prioritise based on TOS/DSCP to ensure lower latencies
- QoS/traffic shaping also for VPN
- Up-/Download stream traffic adjustable
The traffic filter functions of the firewalls
- Deep Packet Inspection
- Connection Tracking TCP/UDP/ICMP
- SPI and proxy combinable
- OSI layer 7 filter
- Time-controlled firewall rules, content/web filter, Internet connection
- Supported protocols: TCP, UDP, ICMP, GRE, ESP, AH
- Geo-IP blocking
- Standard services such as Bootp and Netbios Datagram, Session Service and Name Service can be removed from the logging.
- Standard services such as VPN can be granted access without writing a rule for them.
- Static-NAT, Hide-NAT and their exceptions configurable in the packet filter
- Geo-IP blocking
- Virus scanner for mails
- Scan of compressed data, archives (zip etc.) and attachments
- Automatic updates
- The antivirus is available in the modules http/s proxy, mail filter
- Protocols when using mail filter/mail relay : SMTP, SMTPS
- Protocols when using mail connector: IMAP, IMAPS, POP3, POP3S
- Authentication: Active Directory, LDAP, local user database
- Configurable filter
- Zero-day protection
- Allow/block lists
- Grey listing (SMTP)
- Regular Expressions
- SMTP-Gateway:
- Greeting Pause, Recipient Flooding Protection, Rate Control
- Greylisting with whitelists of email addresses and domains
- E-mail address validation directly via SMTP protocol
- Can be combined with URL content filter (blocking of categories such as Danger, Hacking, Pornography etc.)
- Integrated for retrieving emails via POP3(S)/ IMAP(S) and forwarding via SMTP
- Modern Authentication: OAuth2 provider e.g. for Google Workspace and Microsoft 365
- Increases spam detection and virus protection
- Protocols: HTTP, HTTPS, FTP over HTTP
- SNI support
- Transparent mode (HTTP, HTTPS)
- Authentication: Active Directory, local user database
- Integrated URL/content/web filter (see content/web filter)
- Integrated antivirus system (see Antivirus)
- Group/time-controlled rules
- Protocol: POP3
- Transparent mode
- Authentication: Active Directory, local user database
- Integrated URL filter (see Content/Web filter)
- Integrated antivirus system (see Antivirus)
- Integrated spam filter (see Antispam)
- Category-based website blocking with over 40 categories
- Authentication: Active Directory (Kerberos, NTLM, Basic-Auth), LDAP (Basic-Auth), local user database (Basic-Auth)
- Profile-based access control based on IP addresses or user groups
- Scan technology with online database
- URL filter with URL lists
- Allow/block lists
- File extension/MIME types filter
- Safesearch (only works with activated full SSL-Interception)
- Advertising blocking (removes approx. 50% of advertisements from websites)
- URL shortener
- Protection against DoS/DDoS attacks
- DNS rebinding protection
- Portscan Protection
- Invalid Network Packet Protection
- IP blocking in case of faulty logon to services of the UTM (FailToBan)
- Threat Intelligence Filter - Cloud-based filter for blocking / logging potentially dangerous connections
More functions
- Active Directory
- LDAP
- Local user database
- Authentication against Active Directory, LDAP and the local user database for all VPN protocols, filters and proxy of the UTM
- Radius (only for SSL VPN, http proxy)
- Reverse proxy for HTTP, HTTPS
- Certificate-based authentication
- Load balancing on internal servers
- Bandwidth management
- Various filter options
- Automatic certificate renewal through Let's Encrypt/ACME
- Configuration contains all settings of the UTM firewall
- Local at the workstation and Securepoint Cloud
- Automatic and time-based creation of cloud backups
- Cloud backups can be encrypted
- Cloud backups can be restored and downloaded via the USC
- Integrated one-time password server for highly secure multi-factor authentication (MFA).
- Method: TOTP
- Usable with: Admin / user interface, SSL VPN, IPsec, SSH
- Automatic redirection of users
- HTTPS certificate changeable (see X.509 certificate server)
- Specification of terms of use
- Dynamic rules (port filter) for logged-in users
- Optional user login with user name and password
- Delegation of user administration to the user interface
- Captive Portal design is customisable
- UI of the Captive Portal can be stored in several languages
- Certificate Revocation List (CRL)
- Multi-CA support
- Multi-host certificate support
- Let's Encrypt/ACME directly integrated
VPN functions
- Site-to-Site (network coupling)
- End-to-Site (connection of individual devices)
- IKE method: IKEv2 and IKEv1
- Encryption: AES CBC, AES GCM, 3DEs and others
- Hash algo: SHA2 (512,256,128), SHA1, MD5
- DH groups: 2, 5, 14, 15, 16, 17, 18, 19, 20, 21
- Authentication: Preshared Keys (PSK), X.509 certificates, RSA keys, MS-CHAPv2, EAP-TLS
- Authentication: Active Directory, local user database
- DPD (Dead Peer Detection)
- NAT-T (MOBIKE configurable)
- Data compression
- PFS (Perfect Forward Secrecy)
- Route and policy mode VPN
- Daten-Kompression
- PFS (Perfect Forward Secrecy)
- Route- und Policy-Mode VPN
- Site-to-Site (network coupling)
- End-to-Site (connection of individual devices)
- Authentication: Active Directory, local user database
- Encryption: AES CBC, AES GCM, 3DEs and others
- Hash algo: SHA2 (512,256,128), SHA1, MD5m Whirlpool
- Routing mode VPN
- X.509 certificates
- TCP/UDP and port changeable
- Data compression
- Export of configurations for end-to-site
- SSL VPN clients for iOS/iPadOS, Android and Windows
- Multiple instances can be created
- Site-to-Site (network coupling)
- End-to-Site (connection of individual devices)
- Key exchange: Curve25519 (ECDHE)
- Encryption of user data: ChaCha20 and Poly1305
- Hashing: BLAKE2s
- Authentication: x25519 key and PSK
- Routing mode VPN
- UDP port arbitrary selectable
Securepoint SSL VPN Client (OpenVPN) for Windows
- Including configuration downloadable via user web interface
- Application without admin rights under Windows
UTM Firewalls
The basis of network security
- High-end content filter
- Double virus filter
- Anti-spam functions
Antivirus PRO
The antivirus for businesses
- High-performance scan engine
- Fast and unobtrusive
- Central management
Securepoint Mobile Security
MDM and firewall to Go
- Security for smartphone and tablet
- Full mobile device management
- Encrypted connections
Legally compliant e-mail archiving
With Unified Mail Archive
- Intuitive search engine
- Tamper-proof
- DSGVO and GoBD ready
Reliable data backup
With Unified Backup
- The last protection against ransomware
- Reliable, fast, up-to-date
- Server in Germany
Cyber-Awareness-Training
With Awareness PLUS
- Makes employees a "human firewall
- Regular IT security training
- Measurable learning success