VPN-Gateway Black Dwarf series

Overview of functions:

The VPN-Gateway Black Dwarf from Securepoint enables branches and mobile employees (BYOD), locations and home offices to be linked securely and efficiently or to be linked to a central office. The VPN-Gateway can be upgraded easily to a complete Securepoint UTM-Gateway using a licence key. A myriad of VPN channels based on IPSec, OpenVPN (SSL) and L2TP/PPTP are available and do not have to be ordered additionally. The Securepoint VPN-Client (OpenVPN SSL), which is also free, is included here and can be used as often as you wish without any additional cost. Fully compatible with all Windows(TM)-VPN versions and protocols as well as all standard VPN third-parties such as NCP Secure Entry CE Client for Smartphone, NCP Secure Entry CE Client for PocketPC, Greenbow VPN Client, etc.

Administrator operation:

• Languages: English, German
• Roll-based administration; audit-ready
• Two-man rule, anonymisation of log data/reports
• Encrypting configurations, log data/reports
• Real-time monitoring functions
• Object-oriented configuration
• Configuration management for up to 5,000 Securepoint-UTM/VPN systems
• Configuration security management in Securepoint Cloud
• Password/access data management
• Configuration management (multiple configurations in one system)
• Firmware management (updating firmware versions)
• Backup management (configuration backups)
• Configuration via:
  • CLI (Command Line Interface): Script-based management for automatic rollouts
  • Web user interface: Single-System-Management
  • Securepoint Operation Center (SOC): Multi-System-Management

• SSH access to CLI
• Customisable dashboard

End user operation:

• Languages: English, German
• Download of automatically preconfigured SSL-VPN-Clients (OpenVPN)
• Wake-on-LAN

Monitoring, logging and reporting:

• Two-man rule
• Encryption of:
  • configurations
  • log data and reports

• Anonymisation of log data/reports
• Internet connection monitoring
• System/service status
• Hardware status
• Network status
• Service/process status
• Traffic status
• VPN status
• User authentication status
• Live logging
• Syslog protocol support and integrated syslog-server (see SOC)
• Logging for different Syslog servers

SNMP:

• SNMPv1
• SNMPv2c
• SNMP-traps
• Monitoring:
  • CPU, RAM, HDD/SSD/RAID, Ethernet
  • Internet connections
  • VPN tunnel
  • Users
  • Statistics, updates and licences
  • DHCP
  • HA*

Statistics and reports (SOC):

• Export statistics as PDF and CSV
• Anti-virus/anti-spam statistics
• Alerts: Triggered alarms
• Malware: Names, type, number
• Top websites: Traffic to websites
• Top surfers: All users that cause traffic
• User’s traffic
• Surfers+websites: Websites by users
• Content/web filter-blocked categories
• Blocked websites: websites that are blocked
• Interface utilisation/traffic
• SMTP attacks
• IDS attacks overview
• IDS IP attackers and types of attack
• Top dropped packets
• Top accepted packets
• Top rejected packets
• Top rejected emails
• Top accepted emails
• Top accepted/rejected emails
• Top accepted mail servers
• Top rejected mail servers
• Top server in greylisting whitelisted
• Top server in greylisting rejected

LAN / WAN:

• Ethernet 10/100/1000 Mbit/s
• Twisted pair
• MTU can be changed (Ethernet/DSL)
• PPPoE
• Cable modem, xDSL
• Load balancing
• Bandwidth management
• Time-controlled Internet connections
• Manual and automatic DNS assignment
• DynDNS support (free via Securepoint DynDNS)

Routing:

• Source routing
• Destination routing
• Multipath routing in mixed operation also
• NAT (Static-/Hide-NAT), virtual IP addresses
• PAT (Port address translation)
• VLAN

DHCP:

• DHCP relay
• DHCP-Client
• DHCP server (dynamic/fixed IP)

DMZ:

• Port-forwarding
• Port address translation (PAT)
• Dedicated DMZ links

VLAN:

• Max. 4094 VLANs per interface
• 802.1q Ethernet header tagging

Traffic shaping/quality of service (QoS):

• QoS/traffic shaping (also for VPN)
• Up-/Download-Stream-Traffic adjustable
• All services can be configured separately
• Minimum, maximum and guaranteed bandwidths can be configured individually
• QoS with TOS flag support
• Supporting multiple Internet connections

High availability:

• Active passive HA
• Synchronisation of single/multiple connections
• Manual switch roles

Name server:

• Forwarder
• Relay zones
• Master zones (domain and reverse)

Firewall Deep Packet Inspection (DPI):

• Stateful Inspection
• Connection Tracking TCP/UDP/ICMP
• SPI and proxy can be combined
• OSI-Layer 7-Filter
• Time-controlled firewall rules, content/web filter, Internet connection
• Group-based firewall rules, content/web filter, Internet connection
• Supported protocols: TCP, UDP, ICMP, GRE, ESP, AH
• Implied rules configuration:
• Standard services such as Bootp, Netbios Broadcast... can be removed from logging via On-Click
• Standard services such as VPN can be granted access via On-Click without a rule having to be written
• Static-NAT, Hide-NAT and their exceptions can be configured in the packet filter
• Automatic update functions

VPN:

• VPN
• and certificate assistant

IPSec:

• Site-to-Site (VPN branches)
• Client-to-Site (VPN home offices)
• Authentication: Active directory, local user database
• Encryption: 3DES, AES 128/ 256Bit, Twofish, Hash-Algo., MD5-HMAC/SHA1
• Windows 7/8-ready with IKEv1, IKEv2
• Pre-shared keys (PSK)
• X.509 certificate
• Tunnel mode
• DPD (Dead Peer Detection)
• NAT-T
• Data compression
• PFS (Perfect Forward Secrecy)
• Export for One-Click connection
• XAUTH, L2TP

SSL:

• Site-to-Site (VPN branches)
• Client-to-Site (VPN home offices)
• Authentication: Active directory, local user database
• SSL encryption (OpenVPN)
• Encryption: 3DES, AES (128, 192, 256) CAST5, Blowfish
• Routing mode VPN
• X.509 certificate
• TCP/UDP port can be changed
• Data compression
• Specific WINS
• and DNS server
• Export for One-Click connection

L2TP:

• Site-to-Site (VPN branches)
• Client-to-Site (VPN home offices)
• Authentication: Active directory, radius, local user database
• Windows L2TP support

PPTP:

• Authentication: Active directory, radius, local user database
• Windows PPTP support

X.509 certificate server:

• Certificate revocation list (CRL)
• Online certificate status protocol (OCSP)
• Templates
• Multi-CA support
• Multi-host certificate support

VPN clients/OpenVPN (free):

• Can be configured centrally via administration interface
• Configuration that can be downloaded via user web interface included
• Can be installed without admin rights on Windows devices
• Operation: On-Click-VPN-Connection

User authentication:

• Complete active directory integration
• Authentication against active directory for all VPN protocols, filters and proxies of UTM
• Radius authentication for VPN protocols PPTP/L2TP additionally

Backup:

• Locally in the workplace, locally in UTM/VPN system, in SOC database and Securepoint Cloud
• Automatic and time-based backups
• Backups can be encrypted
• Multiple configurations/backups possible in system in operation

Admin web interface:

Quick overview with dashboard and docking station
You can access the admin web interface of the Securepoint VPN-Gateway using a web browser. This is the central interface for managing the appliance. The admin interface has a monitoring overview for VPN that can be configured individually and it has a docking station. Here you can define views to meet your own personal requirements and thus display the most important information about the VPN-Gateway. Simple operation via the admin interface and the use of the setup wizard thus ensure a quick start-up.

Administration: Central configuration management, backups and monitoring with the Securepoint Operation Center
The Securepoint Operation Center is the central configuration and management solution for all of Securepoint’s UTM and VPN systems. The Operation Center allows you to centrally manage and automatically support any number of Securepoint UTM and VPN products. This is especially important if you have to manage large UTM and VPN infrastructures. The Securepoint Operation Center is available as a local desktop and server version that can be integrated into your central backup concept.