Zero-touch profiles for UTMs in the Unified Security Console
Last adaption: 11.2025
New:
- Update der UTM auf die neuste Version vor dem Zero-Touch-Enrollment (ab UTM-Version 14.1.1.)
- Option Update der UTM auf die neuste Version auch bei vorhandenen Zero-Touch-Profilen (ab UTM-Version 14.1.1.)
This article refers to a Beta version
-
Prerequisite
Introduction
- Zero-Touch allows you to transfer a complete configuration to a UTM, e.g., from a cloud backup, without having to make any entries on the device itself
- A UTM Zero-Touch profile must first be stored in the Unified Security Console (USC), linked to the serial number and PIN from the start screen, as well as a license and, if necessary, a configuration file
- The UTM attempts to establish a connection to the portal (assuming a DHCP server is available on LAN1 / A0) and automatically downloads this Zero-Touch profile
- The UTM restarts with the stored license and, if applicable, the stored configuration, and can be accessed via the USC via a web session
- The QR code displayed enables our shipping department to transmit the serial number and PIN to a reseller in advance
Welcome page
If no zero-touch profile is available, the following welcome page is displayed. This describes the principle of UTM Zero-Touch and the enrollment procedure. More details can be found in the wiki article UTM Zero-Touch.
Click the Add Zero-Touch Profile Now button to add a new Zero-Touch profile.
UTM Zero-touch Dashboard
| The dashboard displays an overview of the UTM Zero-Touch profiles. Details can be found under General Options. |
 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Add zero-touch profile
| Add profile Create a new zero-touch profile | |||
| Caption | Value | Description |  |
|---|---|---|---|
| Name | AnyIdeas | Name of the profile | |
| Serial number | 1234567890 | Unique serial number of the UTM | |
| Enrollment-PIN | A B C D E F G H | Enrollment-PIN of the UTM notempty The PIN is generated when the UTM is started for the first time after initial or new installation. The combination of the serial number and PIN must be unique. If a profile with this serial number and PIN already exists, no new profile can be created. | |
| The serial number and enrollment PIN are displayed on the UTM boot screen or on the Securepoint delivery note. | |||
| Start date | 25.11.2024 | Date from which the zero-touch profile should be valid | |
| Expiration date | 25.11.2025 | Date on which the zero-touch profile expires | |
| Websession PIN | 1 2 3 4 5 6 | Web session PIN for the UTM | |
| Lizenz | Lizenz aus Reseller-Portal auswählen TTT-Point AG (xxxxxxx) |
The license can be transferred directly from the reseller portal. In this case, a drop-down menu appears for selecting the licenses stored in the RSP. Only an existing license can be selected if the login was made via a reseller account. | |
| Lokal gespeicherte Lizenz auswählen UTM-Lizenz (.pem) hier per Drag & Drop ablegen oder klicken |
Locally stored UTM license (.pem file) to be applied to the UTM | ||
| Configuration | UTM-Config-TTT-Point-III.utm | Optional configuration of a UTM (.utm file), which can be a local backup or an encrypted cloud backup Located under → UTM tile → Tab Cloud Backup → Download button Further information can be found in the wiki article Configuration management | |
| Configuration password | The password to decrypt the UTM configuration | ||
| Update auf die aktuelle UTM-Version notempty New as of: UTM v14.1.1 |
notempty Ist erst einstellbar und wird erst ausgeführt wenn bei Konfiguration eine UTM-Konfiguration hinterlegt wurden ist! |
| |
| UTM AGB | By activating, you accept the UTM Terms and Conditions | ||
| Privacy Policy UTM | Upon activation, the UTM privacy policy is accepted | ||
| Privacy Policy Unified Security Console | Upon activation, the Unified Security Console (USC) privacy policy is accepted | ||
| Close | Closes the page without saving the entries | ||
| Save | Saves the entries and creates a new zero-touch tile | ||
|
| |||
Edit Zero-touch profile
| |||
| Existing zero-touch profiles can be edited by clicking on their tile. Alternatively, use the hamburger menu → Bearbeiten | |||
| Caption | Value | Description |  |
| Name | ZT AnyIdeas | Name of the profile | |
| Serial number | 1234567890 | Unique serial number of the UTM | |
| Enrollment-PIN | A B C D E F G H | Enrollment-PIN of the UTM notempty The PIN is generated when the UTM is started for the first time after initial or new installation. The combination of the serial number and PIN must be unique. If a profile with this serial number and PIN already exists, the change cannot be applied. | |
| Start date | 13.11.2024 | Date from which the zero-touch profile should be valid | |
| Expiration date | 30.04.2025 | Date on which the zero-touch profile expires | |
| Websession PIN | 1 2 3 4 5 6 | Web session PIN for the UTM | |
| Lizenz | Lizenz aus Reseller-Portal auswählen TTT-Point AG (xxxxxxx) |
The license can be transferred directly from the reseller portal. In this case, a drop-down menu appears for selecting the licenses stored in the RSP. Only an existing license can be selected if the login was made via a reseller account. | |
| Lokal gespeicherte Lizenz auswählen UTM-Lizenz (.pem) hier per Drag & Drop ablegen oder klicken |
Locally stored UTM license (.pem file) to be applied to the UTM | ||
| Configuration | notempty The configuration cannot be changed retrospectively! If a different configuration is to be used, a new zero-touch profile must be created. | ||
| Update auf die aktuelle UTM-Version notempty New as of: UTM v14.1.1 |
Diese Option lässt sich nachträglich nicht verändern! Soll diese Option aktiviert oder deaktiviert sein, muss ein neues Zero-Touch Profil angelegt werden! | ||
| Close | Closes the page without saving the changes | ||
| Save | Saves the changes | ||