Excellent VPN

Securepoint NextGen UTM firewalls as the central instance of IT security: Once again, our integrated VPN solution for users is among the best in a competitive comparison.

Professional site networking

The Securepoint Black Dwarf VPN-Gateway is the most affordable entry model of the highly integrated Securepoint VPN and UTM network components. It is especially designed for small offices, branches and home offices of up to 10 users.

The VPN-Gateway makes it possible to link any number of locations securely and to provide VPN dial-up accesses. The VPN server supports the latest protocols such as IPSec, SSL-VPN/OpenVPN, L2TP and PPTP. In addition, Clientless VPN can be used via standard browsers without having to install a plug-in.

Your benefits

  • Secure VPN connections
  • VPN servers (IPSec, SSL-VPN, L2TP, PPTP)
  • No additional licencing of VPN clients
  • WiFi-ready - simple activation via licence key
  • Can be upgraded to complete UTM system via licence key

Black Dwarf VPN-Gateway



Type:Black Dwarf VPN-Gateway
Suitable for:up to 10 users at the location
Brief overview of features:

Highly integrated, energy-saving UTM-Gateway including:

  • Stateful Packet Inspection Firewall (SPI)
  • Secure VPN connections: - Gateway-to-Gateway - Gateway-to-Client
  • VPN servers (IPSec, SSL-VPN, L2TP, PPTP)
  • Site networking with any number of VPN channels
  • Integrated free of charge Securepoint VPN-Client
  • No licence costs for VPN connections
  • Clientless VPN - Browser-based VPN without plug-in (HTML5, RDP, VNC)
  • User identification (locally, active directory, LDAP)
  • Complete router functionality
  • Complete IPv6 support
  • Reliability when using multiple Internet accesses (fallback)
  • Load distribution across multiple Internet accesses (load balancing/multipath routing)
  • Integrated one-time password server for high security two and three factor authentication (OTP)
LAN ports MBit/s:3 x 10/100/1,000
WiFi (300 MBit/s):pre-installed (can be activated via licence key)
Power consumption:~19 watts
VPN clients included:
Can be upgraded:via licence key on UTM-Gateway:
Virus scanner, content/web filter, spam filter, IDS, etc.
Warranty:36-month guarantee (bring-in)


SPI überwachtWLAN vorbereitetUMTS optionalVPN ServerVPN ClientsIPv6 ReadyUTM aufrüstbar



Overview of functions:

The VPN-Gateway Black Dwarf from Securepoint enables branches and mobile employees (BYOD), locations and home offices to be linked securely and efficiently or to be linked to a central office. The VPN-Gateway can be upgraded easily to a complete Securepoint UTM-Gateway using a licence key. A myriad of VPN channels based on IPSec, OpenVPN (SSL) and L2TP/PPTP are available and do not have to be ordered additionally. The Securepoint VPN-Client (OpenVPN SSL), which is also free, is included here and can be used as often as you wish without any additional cost. Fully compatible with all Windows(TM)-VPN versions and protocols as well as all standard VPN third-parties such as NCP Secure Entry CE Client for Smartphone, NCP Secure Entry CE Client for PocketPC, Greenbow VPN Client, etc.


Operating functions

Administrator operation:

  • Languages: English, German
  • Roll-based administration; audit-ready
  • Two-man rule, anonymisation of log data/reports
  • Encrypting configurations, log data/reports
  • Real-time monitoring functions
  • Object-oriented configuration
  • Configuration management for up to 5,000 Securepoint-UTM/VPN systems
  • Configuration security management in Securepoint Cloud
  • Password/access data management
  • Configuration management (multiple configurations in one system)
  • Firmware management (updating firmware versions)
  • Backup management (configuration backups)
  • Configuration via:

    • CLI (Command Line Interface): Script-based management for automatic rollouts
    • Web user interface: Single-System-Management
    • Securepoint Operation Center (SOC): Multi-System-Management

  • SSH access to CLI
  • Customisable dashboard


End user operation:


  • Languages: English, German
  • Download of automatically preconfigured SSL-VPN-Clients (OpenVPN)
  • Wake-on-LAN


Monitoring, logging and reporting functions

Monitoring, logging and reporting:

  • Two-man rule
  • Encryption of:

    • configurations
    • log data and reports

  • Anonymisation of log data/reports
  • Internet connection monitoring
  • System/service status
  • Hardware status
  • Network status
  • Service/process status
  • Traffic status
  • VPN status
  • User authentication status
  • Live logging
  • Syslog protocol support and integrated syslog-server (see SOC)
  • Logging for different Syslog servers




  • SNMPv1
  • SNMPv2c
  • SNMP-traps
  • Monitoring:

    • CPU, RAM, HDD/SSD/RAID, Ethernet
    • Internet connections
    • VPN tunnel
    • Users
    • Statistics, updates and licences
    • DHCP
    • HA*


Statistics and reports (SOC):


  • Export statistics as PDF and CSV
  • Anti-virus/anti-spam statistics
  • Alerts: Triggered alarms
  • Malware: Names, type, number
  • Top websites: Traffic to websites
  • Top surfers: All users that cause traffic
  • User’s traffic
  • Surfers+websites: Websites by users
  • Content/web filter-blocked categories
  • Blocked websites: websites that are blocked
  • Interface utilisation/traffic
  • SMTP attacks
  • IDS attacks overview
  • IDS IP attackers and types of attack
  • Top dropped packets
  • Top accepted packets
  • Top rejected packets
  • Top rejected emails
  • Top accepted emails
  • Top accepted/rejected emails
  • Top accepted mail servers
  • Top rejected mail servers
  • Top server in greylisting whitelisted
  • Top server in greylisting rejected


Network functions


  • Ethernet 10/100/1000 Mbit/s
  • Twisted pair
  • MTU can be changed (Ethernet/DSL)
  • PPPoE
  • Cable modem, xDSL
  • Load balancing
  • Bandwidth management
  • Time-controlled Internet connections
  • Manual and automatic DNS assignment
  • DynDNS support (free via Securepoint DynDNS)




  • Source routing
  • Destination routing
  • Multipath routing in mixed operation also
  • NAT (Static-/Hide-NAT), virtual IP addresses
  • PAT (Port address translation)
  • VLAN




  • DHCP relay
  • DHCP-Client
  • DHCP server (dynamic/fixed IP)




  • Port-forwarding
  • Port address translation (PAT)
  • Dedicated DMZ links




  • Max. 4094 VLANs per interface
  • 802.1q Ethernet header tagging


Traffic shaping/quality of service (QoS):


  • QoS/traffic shaping (also for VPN)
  • Up-/Download-Stream-Traffic adjustable
  • All services can be configured separately
  • Minimum, maximum and guaranteed bandwidths can be configured individually
  • QoS with TOS flag support
  • Supporting multiple Internet connections


High availability:


  • Active passive HA
  • Synchronisation of single/multiple connections
  • Manual switch roles


Name server:


  • Forwarder
  • Relay zones
  • Master zones (domain and reverse)


Security functions

Firewall Deep Packet Inspection (DPI):

  • Stateful Inspection
  • Connection Tracking TCP/UDP/ICMP
  • SPI and proxy can be combined
  • OSI-Layer 7-Filter
  • Time-controlled firewall rules, content/web filter, Internet connection
  • Group-based firewall rules, content/web filter, Internet connection
  • Supported protocols: TCP, UDP, ICMP, GRE, ESP, AH
  • Implied rules configuration:
  • Standard services such as Bootp, Netbios Broadcast... can be removed from logging via On-Click
  • Standard services such as VPN can be granted access via On-Click without a rule having to be written
  • Static-NAT, Hide-NAT and their exceptions can be configured in the packet filter
  • Automatic update functions




  • VPN
  • and certificate assistant




  • Site-to-Site (VPN branches)
  • Client-to-Site (VPN home offices)
  • Authentication: Active directory, local user database
  • Encryption: 3DES, AES 128/ 256Bit, Twofish, Hash-Algo., MD5-HMAC/SHA1
  • Windows 7/8-ready with IKEv1, IKEv2
  • Pre-shared keys (PSK)
  • X.509 certificate
  • Tunnel mode
  • DPD (Dead Peer Detection)
  • NAT-T
  • Data compression
  • PFS (Perfect Forward Secrecy)
  • Export for One-Click connection




  • Site-to-Site (VPN branches)
  • Client-to-Site (VPN home offices)
  • Authentication: Active directory, local user database
  • SSL encryption (OpenVPN)
  • Encryption: 3DES, AES (128, 192, 256) CAST5, Blowfish
  • Routing mode VPN
  • X.509 certificate
  • TCP/UDP port can be changed
  • Data compression
  • Specific WINS
  • and DNS server
  • Export for One-Click connection




  • Site-to-Site (VPN branches)
  • Client-to-Site (VPN home offices)
  • Authentication: Active directory, radius, local user database
  • Windows L2TP support




  • Authentication: Active directory, radius, local user database
  • Windows PPTP support


X.509 certificate server:


  • Certificate revocation list (CRL)
  • Online certificate status protocol (OCSP)
  • Templates
  • Multi-CA support
  • Multi-host certificate support


VPN clients/OpenVPN (free):


  • Can be configured centrally via administration interface
  • Configuration that can be downloaded via user web interface included
  • Can be installed without admin rights on Windows devices
  • Operation: On-Click-VPN-Connection


User authentication:


  • Complete active directory integration
  • Authentication against active directory for all VPN protocols, filters and proxies of UTM
  • Radius authentication for VPN protocols PPTP/L2TP additionally




  • Locally in the workplace, locally in UTM/VPN system, in SOC database and Securepoint Cloud
  • Automatic and time-based backups
  • Backups can be encrypted
  • Multiple configurations/backups possible in system in operation



Product information: Product brochure and features
Further information: Wiki, how-tos, FAQs and change logs
Manuals and UTM software downloads
Support forum
Courses, training, consultation and certification: Media library (videos)
IT security project and consultation guidelines
Image downloads: You can find image material in our media centre



Admin web interface:

Quick overview with dashboard and docking station
You can access the admin web interface of the Securepoint VPN-Gateway using a web browser. This is the central interface for managing the appliance. The admin interface has a monitoring overview for VPN that can be configured individually and it has a docking station. Here you can define views to meet your own personal requirements and thus display the most important information about the VPN-Gateway. Simple operation via the admin interface and the use of the setup wizard thus ensure a quick start-up.

Administration: Central configuration management, backups and monitoring with the Securepoint Operation Center
The Securepoint Operation Center is the central configuration and management solution for all of Securepoint’s UTM and VPN systems. The Operation Center allows you to centrally manage and automatically support any number of Securepoint UTM and VPN products. This is especially important if you have to manage large UTM and VPN infrastructures. The Securepoint Operation Center is available as a local desktop and server version that can be integrated into your central backup concept.

Advice form