Jump to:navigation, search
Wiki

Accessions of the UTM

From Securepoint Wiki










































Entry User Interface Portal  On }





















De.png
En.png
Fr.png









Access to an UTM

Last adaptation to the version: 14.0.3

New:
notempty
This article refers to a Resellerpreview


Keyboard and screen on the UTM

The built-in monitor connection (VGA or HDMI) and a USB port allow direct access to the UTM with monitor and keyboard

Display of Zero Touch information

UTM v14.0.3 Zero-Touch Konsole.png
Display of Zero Touch information
notempty
New as of v14.0.0
 If no license is installed of the UTM, Enrollment information for Zero Touch will be displayed.
  • Serial number (a serial number is created for VMs)
  • Zero Touch PIN
  • IP address notempty
    New as of v.14.0.1
  • Gateway notempty
    New as of v.14.0.1

The information for Zero Touch is required in Unified Security Portal under  Unified Security Console  UTM Zero-Touch Wiki Zero Touch


Login mask

UTM v11.8.7 Login-direkt.png

Using the key combination Alt (Cursor/Right arrow key) respectively you can access the login mask

Factory Setting:

  • Username: admin
  • Password: insecure


Web interface

Open the web interface via the IP address of the UTM (factory setting: https://192.168.175.1) and the respective port:

Administration Interface

UTM v14.0.3 Login-Admin-en.png
Administration interface: Port 11115 (factory setting)







  • If the port for the admin or the user interface is set to a well known port (ports 0-1023), access by the browser can be blocked!
  • Error message in Chome / Edge: ERR_UNSAFE_PORT
  • Error message in Firefox: Error: Port blocked for security reasons

    • Factory setting: https://192.168.175.1:11115
    • Username: admin
    • Password: insecure
  • In the factory settings, the admin interface is only accessible via the 'internal network LAN2 / A1 (if Firmware ≤ v12: eth1).


    • User-Webinterface

    UTM v14.0.3 Login-User-en.png
    • User web interface: Port 443 (factory setting)

    Factory setting: https://192.168.175.1:443

  • In order for the user interface to be displayed at all, must:
    • A user must be created
    • The user must be a member of a group that has the permission Userinterface (see User Management)
    • If the access is not from the internal network (zone internal) a firewall rule or an implicit rule is required Firewall Implied Rules Section VPN



    CLI

    Command Line Interface
    Command overview here.


    Webinterface

    UTM v11.8.7 CLI-Webinterface-en.png

    Open in the menu Extras CLI



    SSH

    UTM v11.8.7 CLI-SSH-Admin.png

    Access as an administrator is also possible via SSH.
    With the SSH client under Linux, the command ssh user@<IP address>

    Further notes in the article about access with SSH is sufficient.

    UTM v11.8.7 CLI-SSH-root.png

    Users with root permission get directly to the Linux console of the UTM.
    Call with the command spcli.
    Root permission is given to


    Serial interface

    When using the serial interface, the connection is established with a suitable program, e.g. Putty on Windows ( ) Minicom on Linux.
    The following settings must be used to use the serial interface:

    • 38400 baud (for CLI)
    • 115200 baud (for Bios)
    • 8 data bits
    • 1 stop bit
    • No parity/handshake




    Websession

    Dialog for starting a Websession

    A Websession to a UTM can be established via Unified Security Console (USC).

    The operation is the same via the Webinterface.
    Access via https://portal.securepoint.cloud / Menü USC UTMs /Select Utm tile / Section Websession / Button  start new Websession

    Further details can be found in the Wiki under Websessions


    Monitor failed logins

    The log can be viewed in the web interface under Log Only display alerting center messages.
    Alternatively, the data can also be retrieved with the following CLI command:
    alertingcenter alerts get

    Limitation / throttling of login attempts

    Error message if login attempts fail too often

    In addition to the blocking of login attempts in IDS / IPS (activation under BlockChain (Fail2Ban) ) a new automatic throttling of login attempts takes effect for the admin and user interface:

    • After 8 consecutive failed login attempts, the login function via the admin and user interface will be blocked for a certain time.
    • This throttling takes effect on all interfaces and cannot be deactivated
    • The block time is initially a few seconds and increases for each additional failed login attempt
    • A corresponding message is displayed as a pop-up window
  • If a blocking threshold of more than 8 is set in the IDS / IPS, automatic throttling takes effect first.
    Lockouts via the IDS/IPS can be configured individually for each login service
    and each IP address through which access is made.
    Depending on the number of login attempts and the duration of the ban set there, a combination is created with the login attempt limitation described here.

















































    • Connection Rate Limit

    Throttling of access from certain source IPs to recurring ports

    notempty

    The function is still in the testing phase and will be further expanded.
    The function can initially only be configured via the CLI

    The function aims to protect against attacks.
    SSL-VPN accesses can be protected against aggressive scans or login attempts, for example.

    Connection Rate Limit.png
    Connection Rate Limit Access.png

    From v12.6.2, the UTM can limit the number of TCP and/or UDP connections from an external IP address to one port.
    The following conditions apply:

    • Only incoming connections for which a default route exists are monitored
    • The connections from an IP address to a port of the UTM are counted within one minute
    • When activated, 5 connections / connection attempts per minute are permitted.
      The connections are then limited:
      • The additionally permitted connections are distributed evenly within 60 seconds of the first connection.
      • With a CONNECTION_RATE_LIMIT value of 20, an additional connection is added every 3 seconds.
      • 10 seconds after the first login, 3 further connections could be established (each from the same IP address to the same destination port)
    • Blocking an IP address only affects access to the port that has been used too often.


    Other ports can still be accessed.

    • The function is activated by default for new installations on 20 UDP connections / minute on all ports
    • For Updates the function must be manually activated
    extc-Variable Default Description
    CONNECTION_RATE_LIMIT_TCP 0 Number of permitted TCP connections of an IP address per port
    0 = Function deactivated, no blocking is performed
    CONNECTION_RATE_LIMIT_TCP_PORTS Ports to be monitored. Empty by default=all ports would be monitored (if activated).
    Individual ports are separated by spaces: [ 1194 1195 ]
    CONNECTION_RATE_LIMIT_UDP 20 / 0
    		Number of permitted UDP connections of an IP address per port
    CONNECTION_RATE_LIMIT_UDP_PORTS Ports to be monitored. Empty by default=all ports are monitored (only for new installations!).
    Individual ports are separated by spaces: [ 1194 1195 ]

    Configuration with CLI commands

    Retrieved from "https://wiki.securepoint.de/index.php?title=UTM/Administration&oldid=95256"