Jump to:navigation, search
Wiki





notempty
Dieser Artikel bezieht sich auf eine nicht mehr aktuelle Version!

notempty
Der Artikel für die neueste Version steht hier

notempty
Zu diesem Artikel gibt es bereits eine neuere Version, die sich allerdings auf eine Reseller-Preview bezieht



































Entry User Interface Portal  On











De.png
En.png
Fr.png








Access to an UTM
Last adaption: 03.2022
New:
notempty
This article refers to a Resellerpreview

11.8



Keyboard and screen on the UTM

UTM v11.8.7 Login-direkt.png

The built-in VGA port and a USB port allow direct access to the UTM with monitor and keyboard:

  • Username: admin
  • Password: insecure



web interface

Open the web interface via the IP address of the UTM (factory setting: https://192.168.175.1) and the according port

Administration Interface

UTM v12 Login Admin-en.png

  • Administration interface: Port 11115 (factory setting)

Setting in menu → Network →Appliance SettingsTab Appliance Settings
Box

Web Server
Administration Web Interface Port: 11115Link=
  • If the port for the admin or the user interface is set to a well known port (ports 0-1023), access by the browser can be blocked!
    Access may still be possible:
    • The start of e.g. Google Chrome or Edge is done with the start parameter --explicitly-allowed-ports=xyz.
    • For Firefox, a string variable with the value of the port to be released is created in the configuration (about:config in the address bar) under network.security.ports.banned.override.
    • It is possible to create a temporary policy for chromium-based browsers to allow its use.
      This is strongly discouraged for safety reasons!
  • Error message in Chome / Edge: ERR_UNSAFE_PORT
  • Error message in Firefox: Error: Port blocked for security reasons

    • Administration Web Interface: Port 11115 (Factory Default)

      Setting in Menu → Network →Appliance SettingsTab Appliance Settings
      Box

      Webserver
      Administration Webinterface Port: 11115Link=

    Factory setting: https://192.168.175.1:11115
    • Username: admin
    • Password: insecure
    In the factory settings, the admin interface is only accessible via the 'internal network LAN2 (if Firmware ≤ v12: eth1).
    Change in menu → Network →Appliance SettingsTab Administration Button Add IP/ Network
    or via CLI:
    name.firewall.local> manager new hostlist 192.0.192.192/32


    User-Webinterface

    UTM v12 Login-User-en.png

    • User web interface: Port 443 (factory setting)

    Setting in menu → Network →Appliance SettingsTab Appliance Settings
    Box

    Webserver
    User Web Interface Port: 443Link=

    Factory setting: https://192.168.175.1:443
    In order for the user interface to be displayed at all, must:

    • A user must be created
    • The user must be a member of a group that has the permission Userinterface (see User Management)
    • If the access is not from the internal network (zone internal) a firewall rule or an implicit rule is required → Firewall →Implicit Rules Section Vpn



    CLI

    Command Line Interface
    Command overview here.

    Webinterface

    UTM v11.8.7 CLI-Webinterface-en.png

    Open in the menu → Extras →CLI



    SSH

    UTM v11.8.7 CLI-SSH-Admin.png

    Access as an administrator is also possible via SSH.
    With the SSH client under Linux, the command ssh user@<IP address>

    Further notes in the article about access with SSH is sufficient.

    UTM v11.8.7 CLI-SSH-root.png
    Users with root permission get directly to the Linux console of the UTM.
    Call Command Line Interface with the command spcli.
    Root permission is given to



    Serial interface

    The following settings must be used to use the serial interface:

    • 38400 baud (for CLI)
    • 115200 baud (for Bios)
    • 8 data bits
    • 1 stop bit
    • No parity/handshake




    Monitor failed logins

    The log can be viewed in the web interface under ‌ Log  Only display alerting center messages.
    Alternatively, the data can also be retrieved with the following CLI command:
    alertingcenter alerts get