Web interface
UTM licence | VPN edition | |
---|---|---|
Languages | German, English | German, English |
Accessibility: Mode for colour vision deficiency | yes | yes |
Dark mode | yes | yes |
Audit-capable | yes | yes |
Real-time monitoring functions | yes | yes |
Configuration management | Multiple configurations on one system | Multiple configurations on one system |
Triple firmware system for optimum security during upgrades | yes | yes |
Backup management | Manually, automatically via cloud | Manually, automatically via cloud |
Local administration | Web user interface, SSH, console via serial connection, monitor + keyboard | Web user interface, SSH, console via serial connection, monitor + keyboard |
External administration | Unified Security Console (USC) | Unified Security Console (USC) |
CLI (Command Line Interface) | Console-based management - scripting and remote management possible | Console-based management - scripting and remote management possible |
Responsive design: interface adapts to browser size | yes | yes |
Customisable dashboards | yes | yes |
UTM licence | VPN licence | |
---|---|---|
Languages | German, English | German, English |
Clientless VPN |
- Browser-based connection via RDP - VNC without additional plug-ins (HTML5) |
- Browser-based connection via RDP - VNC without additional plug-ins (HTML5) |
SSL VPN clients (OpenVPN) | Download of automatically preconfigured SSL VPN clients | Download of automatically preconfigured SSL VPN clients |
Wake on LAN | yes | yes |
Change password | yes | yes |
Spam management | yes, incl. authorisation system | no |
Captive Portal | yes, incl. user management | no |
Monitoring, logging and reporting
UTM licence | VPN licence | |
---|---|---|
Log data | yes | yes |
Anonymisation of log data with regard to GDPR | yes, switched on by default | yes, switched on by default |
System/services/process status | yes | yes |
Hardware status | yes | yes |
Network status | yes | yes |
Traffic status | yes | yes |
VPN status | yes | yes |
User authentication status | yes | yes |
Live logging | yes | yes |
Syslog |
- Syslog protocol support - Integrated syslog server |
- Syslog protocol support - Integrated syslog server |
Syslog logging | Various syslog servers via UDP and TCP | Various syslog servers via UDP and TCP |
Sensors | for RMM systems | for RMM systems |
Unified Security Report (USR) | Prepared status reports as a separate service | yes |
Acute status reports | by mail | no |
Reports | yes | no |
Anonymisation of reports | yes | no |
UTM licence | VPN licence | |
---|---|---|
SNMPv1 | yes | yes |
SNMPv2c | yes | yes |
SNMPv3 | yes | yes |
Monitoring of the system status | yes | yes |
Application status monitoring | yes | yes |
Monitoring of VPN connection (IPSec, OpenVPN) | yes | yes |
Monitoring network utilisation | yes | yes |
Mail queue monitoring | yes | no |
UTM licence | VPN licence | |
---|---|---|
Unified Security Report | yes (optional depending on licence) | yes (optional depending on licence) |
Visualisation of the security status of devices and services | yes | Not applicable |
Traffic and security categories | yes | Not applicable |
Current risk assessments of the individual services | yes | Not applicable |
Devices, licences, users | yes | Not applicable |
Performance report of the systems used | yes | Not applicable |
Risk assessments including recommendations for action | yes | Not applicable |
Network functions
UTM licence | VPN licence | |
---|---|---|
For models (Black Dwarf, Black Dwarf Pro, RC100, RC200) | yes | yes |
Internet connection via optional LTE USB kit | Internet connection via optional LTE USB kit | Internet connection via optional LTE USB kit |
Fallback via optional LTE USB kit | Fallback via optional LTE USB kit | Fallback via optional LTE USB kit |
UTM licence | VPN licence | |
---|---|---|
Virtual WLANs (e.g. guest networks) | yes | yes |
Authentication via WPA | yes | yes |
Authentication via WPA2-Enterprise | yes | yes |
Authentication via WPA2-Personal | yes | yes |
Authentication via WPA3-Enterprise | yes | yes |
Authentication via WPA3-Personal | yes | yes |
Authentication via WPA3-OWE | yes | yes |
WLAN (2,4 or 5 GHz, 802.11 n/ac) | yes | yes |
WLAN monitoring | yes | yes |
Encryption WPA2 | yes | yes |
Encryption WPA3 | yes | yes |
Channel search | automatically | automatically |
Number of SSIDs | 2 | 2 |
UTM licence | VPN licence | |
---|---|---|
PPPoE (e.g. for xDSL) | yes | yes |
DHCP client (e.g. for cable modem) | yes | yes |
Static IP configuration | yes | yes |
Load balancing | yes | yes |
Bandwidth management | yes | yes |
Support for dynamic DNS services (free of charge for resellers via www.spdyn.de) | yes | yes |
Optional LTE / UMTS 2G, 3G, 4G (via LTE USB kit) | yes | yes |
Traffic filter function
UTM licence | VPN licence | |
---|---|---|
Time-controlled firewall rules | yes | yes |
Connection tracking | yes | yes |
Time-controlled Internet connection | yes | yes |
Geo IP blocking | yes | yes |
Packet filter (SPI) and proxy can be combined | yes | Proxy not available |
Deep Packet Inspection (DPI) | yes | no |
Content/web filter | yes | no |
Time-controlled content/web filters | yes | no |
Supported protocols | All IP-based protocols | All IP-based protocols |
Predefined rules that apply to the entire system (implicit rules) | yes | yes |
UTM licence | VPN licence | |
---|---|---|
Protection against DoS/DDoS attacks | yes | yes |
DNS rebinding protection | yes | yes |
Portscan protection | yes | yes |
Invalid network packet protection | yes | yes |
IP blocking in the event of incorrect logon to UTM services (FailToBan) | yes | yes |
Threat Intelligence Filter - Cloud-based filter for blocking known threats | yes | yes |
Logging of potentially dangerous connections | yes | yes |
Mailsecurity
UTM licence | VPN licence | |
---|---|---|
Antispam available | yes | no |
Configurable filter | yes | not applicable |
Virus Outbreak Detection | yes | not applicable |
Virus scanner | yes | not applicable |
Allow/block lists | yes | not applicable |
Regular Expressions | yes | not applicable |
Filter on header fields in emails | yes | not applicable |
Filter for file attachments | yes | not applicable |
Filter for SPF/DKIM/DMARC results | yes | not applicable |
Filter for HTTP links in emails | yes | not applicable |
Filter on hashes of known emails | yes | not applicable |
Filter for fake URLs | yes | not applicable |
URL content filter (blocking of categories such as Danger, Hacking, Pornography etc.) | yes | not applicable |
Quarantine | yes | not applicable |
Quarantine with rescan functionality | yes | not applicable |
Marking the subject of e-mails | yes | not applicable |
UTM licence | VPN licence | |
---|---|---|
Supported protocols | SMTP/S | not applicable |
Supported STARTTLS | yes | not applicable |
Authentication |
- Active Directory - LDAP - Local user database - Entra ID | not applicable |
Check for SPF/DKIM/DMARC | yes | not applicable |
Check for greeting pause, HELO and reverse DNS | yes | not applicable |
Protection against recipient flooding"" | yes | not applicable |
Rate control | yes | not applicable |
Greylisting with allowlists of e-mail addresses and domains | yes | not applicable |
Allow-/Blocklists | yes | not applicable |
E-mail address validation directly via SMTP protocol | yes | not applicable |
Forcing TLS | yes | not applicable |
DKIM Signing | yes | not applicable |
Smarthost with authentication | yes | not applicable |
UTM licence | VPN licence | |
---|---|---|
Supported protocols |
- IMAP/S (external) - POP3/S (external) - SMTP/S (internal) | not applicable |
Authentication | OAuth2 provider (e.g. for Google Workspace and Microsoft 365) | not applicable |
Web security
UTM licence | VPN licence | |
---|---|---|
HTTP proxy integrated | yes | no |
Protocols | HTTP & HTTPS | not applicable |
SNI support | yes | not applicable |
Transparent mode | HTTP & HTTPS | not applicable |
Authentication |
- Active Directory (Kerberos, NTLM, Basic-Auth) - LDAP (Basic-Auth) - Local user database (Basic-Auth) - Radius | not applicable |
URL filter | yes | not applicable |
Web filter | yes | not applicable |
Antivirus | yes | not applicable |
Access control | Profile-based access control based on IP addresses or user groups | not applicable |
Bandwidth limitation possible | yes | not applicable |
UTM licence | VPN licence | |
---|---|---|
Content & web filter integrated | yes | no |
Category-based website blocking with over 40 categories | yes | not applicable |
Scan technology with online database | yes | not applicable |
Filters |
- URL filter with URL lists - Youth protection incl. BPjM filter - File-Extension/ MIME types filter - Allow/ block lists | not applicable |
URL shortener | yes | not applicable |
Advertising blocking | yes | not applicable |
Force safesearch | yes, in combination with SSL interception | not applicable |
Threat intelligence feed | yes | not applicable |
Rules |
- User- / group-specific rules - Time-controlled rules | not applicable |
Further functions
UTM licence | VPN licence | |
---|---|---|
Authentication for all VPN protocols (incl. SSL VPN and HTTP proxy) and UTM filters |
- Active Directory - LDAP - local user database - Entra ID |
- Active Directory - LDAP - local user database - Entra ID |
Authentication for SSL VPN and HTTP proxy | Radius | Radius |
UTM licence | VPN licence | |
---|---|---|
Configuration | all settings of the UTM firewall | all settings of the UTM firewall |
Local backup | yes | yes |
Cloud backup | Automatic and time-based | Automatic and time-based |
Encryption for cloud backup | yes | yes |
Restore for cloud backup | Cloud backups can be restored and downloaded via the Unified Security Console (USC) | Cloud backups can be restored and downloaded via the Unified Security Console (USC) |
UTM licence | VPN licence | |
---|---|---|
Integrated one-time password server for highly secure multi-factor authentication (MFA) | yes | yes |
Procedure | TOTP | TOTP |
Usable with |
- Admin interface - User interface - SSL VPN - IPsec - SSH |
- Admin interface - User interface - SSL VPN - IPsec - SSH |
UTM licence | VPN licence | |
---|---|---|
Certificate revocation list (CRL) | yes | yes |
Multi-CA support | yes | yes |
Multi-host certificate support | yes | yes |
Let's Encrypt/ ACME | integrated | integrated |
UTM licence | VPN licence | |
---|---|---|
Reverse proxy integrated | yes | no |
Usable for | HTTP & HTTPS | not applicable |
Authentication | Certificate-based | not applicable |
Loadbalancing | Load balancing on internal servers | not applicable |
Bandwidth management | yes | not applicable |
Filters | Various filter options | not applicable |
Certificate renewal | Automatically through Let's Encrypt/ ACME | not applicable |
UTM licence | VPN licence | |
---|---|---|
Captive portal integrated | yes | no |
HTTPS certificate | changeable | not applicable |
Specification of terms of use | yes | not applicable |
Dynamic rules (packet filter) | yes, for registered users | not applicable |
Optional user login | yes, with user name and password | not applicable |
Delegating the user administration | yes, to the user interface | not applicable |
Design of the captive portal | Customisable | not applicable |
Multilingual captive portal | yes | not applicable |
VPN functions
UTM licence | VPN licence | |
---|---|---|
Site-to-site (network coupling) | yes | yes |
End-to-Site/Roadwarrior (connection of individual devices) | yes | yes |
IKE procedure | IKEv2 and IKEv1 | IKEv2 and IKEv1 |
Encryption | We support current methods | We support current methods |
Hash functions | We support current methods | We support current methods |
Key exchange protocols | Diffie-Hellman (current groups), Eliptic Curve | Diffie-Hellman (current groups), Eliptic Curve |
Authentication |
- Preshared Keys (PSK) - X.509 certificates - RSA-Keys - MS-CHAPv2 - EAP-TLS |
- Preshared Keys (PSK) - X.509 certificates - RSA-Keys - MS-CHAPv2 - EAP-TLS |
User authentication |
- Active Directory - LDAP - Local user database - Entra ID |
- Active Directory - LDAP - Local user database - Entra ID |
Dead Peer Detection (DPD) | yes | yes |
NAT-T (MOBIKE configurable) | yes | yes |
Data compression | yes | yes |
Perfect Forward Secrecy (PFS) | yes | yes |
Mode | Route- und Policy-Mode VPN | Route- und Policy-Mode VPN |
UTM licence | VPN licence | |
---|---|---|
Site-to-site (network coupling) | yes | yes |
End-to-Site/Roadwarrior (connection of individual devices) | yes | yes |
Authentication |
- Active Directory - LDAP - local user database - Entra ID - Radius |
- Active Directory - LDAP - local user database - Entra ID - Radius |
Encryption | We support current methods | We support current methods |
Hash functions | We support current methods | We support current methods |
Mode | Routing mode VPN | Routing mode VPN |
X.509 certificates | yes | yes |
TCP/UDP and ports | changeable | changeable |
Data compression | yes | yes |
TLS Crypt | yes | yes |
Export of configurations | possible with end-to-site | possible with end-to-site |
Securepoint SSL VPN Clients |
- iOS / iPadOS - Android - Windows |
- iOS / iPadOS - Android - Windows |
UTM licence | VPN licence | |
---|---|---|
Site-to-site (network coupling) | yes | yes |
End-to-Site/Roadwarrior (connection of individual devices) | yes | yes |
Key exchange | Curve25519 (ECDHE) | Curve25519 (ECDHE) |
Encryption of user data | ChaCha20 & Poly1305 | ChaCha20 & Poly1305 |
Hash function | BLAKE2s | BLAKE2s |
Authentication |
- x25519 key - PSK |
- x25519 key - PSK |
Mode | Routing mode VPN | Routing mode VPN |
UDP Port | selectable at will | selectable at will |
UTM licence | VPN licence | |
---|---|---|
Self-service for configuration file | yes (user interface) | yes (user interface) |
Admin rights required to establish the connection | no | no |
UTM licence | VPN licence | |
---|---|---|
Connection | RDP / VNC over https | RDP / VNC over https |
Plugin necessary? | No, HTML5 based | No, HTML5 based |
Authentication |
- Active Directory - LDAP - lokale User-Datenbank - Entra ID - Radius |
- Active Directory - LDAP - lokale User-Datenbank - Entra ID - Radius |
Encryption | SSL encryption | SSL encryption |
Access via | User interface | User interface |
Our solutions for your company
UTM Firewalls
The basis of network security
- High-end content filter
- Double virus filter
- Anti-spam functions
Antivirus PRO
The antivirus for businesses
- High-performance scan engine
- Fast and unobtrusive
- Central management
Securepoint Mobile Security
MDM and firewall to Go
- Security for smartphone and tablet
- Full mobile device management
- Encrypted connections
Manage mobile devices centrally
With Mobile Device Management
- Control over apps and rights
- For Apple and Android
- Bring your own device (BYOD)
Reliable data backup
With Unified Backup
- The last protection against ransomware
- Reliable, fast, up-to-date
- Server in Germany
Cyber-Awareness-Training
With Awareness PLUS
- Makes employees a "human firewall
- Regular IT security training
- Measurable learning success