Restore with configuration backup on a UTM

• When operating on a modem or fiber optic connection:
• Have login information of the Internet service provider ready
  • Who has the current login information of the ISP?
  • Is the login information available at the installation site?
  • Is the login information available at the time of installation?
  • if applicable: Is the person who has the login information available at the time of installation?
• When operating with a router:
  • What is the IP address of the router?
  • Can the UTM get a fixed IP?
  • For new installations, DHCP is activated on the external interface
• Local network:
  • What is the network IP of the local network(s)?
  • Which IP addresses should the interfaces of the UTM in these networks receive?
    As a rule, this should always be a fixed IP address!

• A USB stick with the UTM image is required.
  This Securepoint Imaging Tool can be used. (Resellerportal → Menu  Downloads → Tools x )
• Connect keyboard and monitor

• The prepared USB stick must be connected to the UTM
• Switch on the UTM
• Under Save & Exit execute Restore Defaults
  The USB stick should then be listed at the top of the boot menu of the device, preceded by the TAG UEFI
• Execute under Save & Exit Save Changes and Reset
• Perform installation/ update

• Display and confirmation of the license conditions
• Decision as to whether an upgrade should be carried out
  Default: Upgrade
• Selection of the hard disk on which the firmware is to be installed
• Starting the installation
• Request to remove the USB stick
• Reboot
• Display of the login console

1.	2.	3.

Abb.1	Abb.2	Abb.3

Abbildungen

Installation step 1

After the system has been started from the installation medium, the license conditions are displayed first. These should be read carefully. Click on Continue to be redirected to the next dialog to agree to the terms and conditions.

Installation step 2

The conditions must be accepted in order to continue with the installation. If the conditions are not accepted or the No button is clicked, the installation is aborted. The installation is continued by accepting the conditions and confirming with Yes .

Installation step Intermediate step

If the UTM software V11 is already installed on the device, either an update can be carried out via Upgrade or a new installation via Overwrite.

Installation step 3

The next step is to select a hard disk on which the operating system is to be installed

Installation step 4

After a hard disk has been selected, the installation must be confirmed again. If the decision has been made to carry out the installation on the displayed hard disk, this is confirmed with Yes.

Installation step 5

Information on the current progress is provided during the installation

Installation step 6

If the installation was successful, a corresponding dialog will draw attention to this.
Clicking on the OK button completes the installation.

Installationsschritt 7

The installation disk must now be removed and the system then restarted. If the installation was successful, the console login is displayed after the restart.

If administration via the CLI is not an issue, the IP adresses can be provided directly to the UTM via CLI
In this case, the monitor and keyboard remain directly connected to the UTM.
The login is done on the console.

The IP address of your own computer is temporarily adapted to the default network of the internal interface of the UTM.
This is followed by connecting your own computer to interface A1 (the internal interface) of the UTM.
The correct interface can be seen in the figure and table above.

This is how it works

Change IP address on Windows

• Display of network connections:
   r  ncpa.cpl

  ↵
• Show status of Ethernet connection with double click
• Show properties of the interface
• Show properties of the TCP/IPv4 connection
• Set IP address:
  • IP address:192.168.175.2
  • Subnet mask:255.255.255.0
  • Default gateway:192.168.175.1 (=Default address of the internal interface of the UTM)

1.	2.	3.

Abb.1	Abb.2	Abb.3

Abbildungen

Display of the network interface:

• Access via desktop display:
  • Click on the network icon in the taskbar next to the clock
  • Click on Network and Internet settings.
  • Click on Change adapter options.
• Access by command:
  • Windows key  r  ncpa.cpl
• Double-click on the interface used to display the status of the ethernet connection

In the status click on the button Properties

Select the entry Internet Protocol, Version 4 (TCP/IPv4) in the properties.

Click Properties button

Select entry Use the following IP address:

Set IP address:

• IP address:192.168.175.2
• Subnet mask:255.255.255.0
• Default gateway:192.168.175.1 (=Default address of the internal interface of the UTM)

Change IP address on Linux

Please refer to the corresponding documentation of the used distribution.
Examples for Ubunutu:

• Opening the terminal
• Identify the name of the interface: ip a
• Change IP address: (In the example enp0s3 is the interface used: sudo ip address add 192.168.175.2/24 dev enp0s3

Change IP address on a MAC

Change IP address on a MAC

• Menu System settings / network
• Configure IPv4: Manuell select in the dropdown menu
• IP address:192.168.175.2
• Subnet mask:255.255.255.0
• Router:192.168.175.1 (=Default address of the internal interface of the UTM)
• ButtonApply

notempty

After finishing the installation wizard and rebooting, the UTM is located in another network.
For further configuration, the IP address of your own computer must then be changed again.

Setting the original IP address:

• Fixed IP Addresses: Enter as described above
• Enable DHCP:
  • Windows: Properties Internet Protocol Version 4 (TCPIPv4) → select Obtain an IP address automatically
  • Linux: Example for Ubuntu: sudo ip address del 192.168.175.2/24 dev enp0s3
    sudo dhclient enp0s3
    If necessary, refer to the documentation of the distribution used.
  • MAC: coming soon...

If not already done, the following connections must be made now physically:

• Connect interface for the external interface (A0) towards the Internet (modem, router, etc.).
• Connect the internal interface (A1)
  • with your own computer, if the IP address has been adjusted on it.
  • to the network from which the UTM is to be administered, if the IP address of the UTM has been adjusted.

When the admin interface is called up for the first time, a certificate warning appears in the browser.
Since the browser doesn't know the certificate of the UTM, a security warning is issued.
This warning must be ignored.

Message in Firefox: Warning: Potential security risk ahead
Button Advanced / Accept the risk and continue

Message in Chrome / Chromium: This is not a secure connection. At the end click on Continue to IP address (unsure) .

Message in Edge: Your connection isn't private. At the end click on Continue to IP address (unsure) .

Message in Safari:
Button Show details / Link Open this website

If the restore is to be run with a cloud backup, all that is required is an Internet connection.
Due to the association with the license file, the corresponding cloud backups are automatically displayed in the Configuration  Area Cloud Backup menu.
Simply start the installation wizard and fill only step 4 (Internet) with the correct data.

If a local backup is available, it can be imported in the Configuration management.

Configuration  Area Local configurations button Import configuration

Import configuration Import configuration	Imports the configuration of a (different) Securepoint UTM. Select the config file with Browse Import with the Upload button. The appliance being imported into must have the same or a higher version than the configuration file being imported. As of version 12, only configurations from a UTM v11.8.x and higher are imported. If an older configuration file must be used, it can first be imported into a (virtual) UTM with version 11.8.x. From there, the configuration can be exported again and imported into a v12.	Import configuration UTMuser@firewall.name.fqdn Upload
Name:	Label under which this configuration is to be displayed in the configuration management.
Password:	Password used to encrypt this configuration
Then upload or add configuration with Upload notempty New as of v14.0.0: If a database conversion error occurs during an import, then the resulting faulty database is deleted immediately an alarm is triggered in the alerting center a message is displayed in the UI with the option of viewing and downloading the conversion log continue with the original database
Set boot configuration	You must set the configuration you have just imported as the start configuration
Reboot System	In order for the configuration settings to be applied, the respective services must be restarted in the correct order. This is achieved by restarting the machine.