Appliance Settings

Global settings of the UTM

Last adaptation to the version: 14.0.0

New:

Several NTP server can be stored

notempty

This article refers to a Resellerpreview

12.6 12.2 11.6.12 11.7

Caption	Value	Description	Appliance Settings UTMuser@firewall.name.fqdnNetwork Appliance Settings
Firewall Firewall
Firewall Name:		Full Qualified Domain Name-Compliant firewall name. Here you can define how the UTM responds to requests. If the mail relay is to be used, it may be useful to enter the FQDN of the mail exchange (MX) here so that other mail servers can match it using the reverse resolution of the PTR resource record (PTR). Read out: `extc global get variable "GLOB_HOSTNAME"` Set: `extc global set variable "GLOB_HOSTNAME" value "utm.firma.local"`
Global contact person:		This field is used to enter the name of the administrator or organization that will later be specified in the UTM error messages for queries.
Global email address:		An email address is entered here to which mails can be sent that otherwise cannot be delivered. Otherwise, undeliverable mails remain on the hard disk space, which can lead to the fact that the available space is no longer sufficient at some point and no more mails will be accepted. As of version v12.4.2 have an email address has to be stored here. Otherwise the mail connector and proxy will not start! A global email address will be requested when logging in. notempty The global email address is also the postmaster address for the mail relay. Read out: `extc global get variable "GLOB_ADMIN_EMAIL"` Set: `extc global set variable "GLOB_ADMIN_EMAIL" value "utm-admin@ttt-point.de"`
Report language:	German	Language in which UTM reports are sent. Alternatively to choose: English
DNS-Server DNS-Server
Check Nameserver prior to local cache:	Off (Default)	The local cache of the UTM initially answers the DNS queries (corresponds to 127.0.0.1) as the primary name server. On activation, the name servers entered here will check the name resolution before the local cache of the UTM.
Primary Nameserver: Secondary Nameserver:		The IP addresses of two external name servers to which the UTM should forward the DNS queries can be entered here. DNS servers that can be reached via the external interface should be entered here. notempty Please do not enter a DNS server from your own internal network.
Time Settings Time Settings
Current Date:	2020-20-32 25:00:20	The current time can also be entered manually. Refreshes the display. In the interaction of servers, VPN connections and especially with OTP authentication, it is important that all components are synchronized in time.
NTP-Server: notempty updated: Multiple entries possible	»ntp.securepoint.de	The required NTP servers can be entered here. Entering an IP address can avoid problems with DoT and DNSSEC.
Timezone:	Europe/Berlin	Correct time zone
Webserver Webserver
If the port for the admin or the user interface is set to a well known port (ports 0-1023), access by the browser can be blocked! Access may still be possible: The start of e.g. Google Chrome or Edge is done with the start parameter --explicitly-allowed-ports=xyz. For Firefox, a string variable with the value of the port to be released is created in the configuration (about:config in the address bar) under network.security.ports.banned.override. It is possible to create a temporary policy for chromium-based browsers to allow its use. This is strongly discouraged for safety reasons! Error message in Chome / Edge: ERR_UNSAFE_PORT Error message in Firefox: Error: Port blocked for security reasons
Administration Webinterface Port:	11115	Port to reach the administration interface (which is used e.g. to display the web page shown in the image. In delivery state: 192.168.175.1:11115
User Webinterface Port:	443	Port to reach the user interface. This is used for example to access filtered mails and VPN configurations. notempty The user interface port must be changed if port 443 (HTTPS) is used for the reverse proxy. notempty The user interface port must be changed if port 443 (HTTPS) is forwarded.
Certificate:		Without a dedicated selected certificate, the default certificate of the UTM is used, which was issued by the default CA: firewall.foo.local If the UTM should be recognized by the browser with a valid certificate, proceed as follows: Create a CA ( Authentication Certificates Area CA Button Add CA) Export the public part of the CA Create Certificate (Certificates Button Add Certificate Select the CA that was exported in step 2 as the CA Alias DNS FQDN - Name of the UTM , as in Network Firewall Area Server Settings section Firewall field firewall name: entered Multiple entries are possible! AliasIP IP Address IP address under which UTM can be reached. Several entries are possible in each case! Select the just created certificate under Network Server Settings Area Server Settings Section Webserver Certificate: Import the exported CA in the browser as a certificate authority It is also possible to use ACME certificates.
Advanced Settings Advanced Settings
Maximum Active Connections:	32000	Maximum number of active connections to the UTM. This includes: Web interface SMTP SSH
Last-Rule-Logging:	SHORT - Log three entries per minute	The Last-Rule-Logging setting controls the number of messages that are written to the Syslog. NONE - Do not log SHORT - Log three entries per minute : Only the first three log messages per minute are displayed. LONG - Log everything notempty We recommend to leave the setting at short.

Firewall

DNS-Server

Time Settings

Webserver

Advanced Settings