UTM settings and permissions for the Unified Security Portal
Last adaptation to the version: 14.0.0 (11.2024)
New:
- Note on VPN configurations with an upcoming portal version
This article refers to a Beta version
-
UTM Settings and permissions for the Unified Security Report
| The Unified Security Report provides a good overview of battery devices directly on the Unified Security Portal. For a UTM to be included there, the function must be activated on the UTM. To activate the Unified Security Report on a UTM, the USR must first be activated for the selected license. More information can be found in the Article on the Unified Security Reporting | |||
| Caption | Value | Description | UTMuser@firewall.name.fqdn 
|
|---|---|---|---|
| Status: | Service is synchronized | Synchronization status with the Unified Security Portal | |
| Privacy policy: | Yes | Consent to the privacy policy of Unified Security Reports | |
| Activated: | Yes | Activating the connection to the Unified Security Portal | |
| Interval: | WeeklyMonthly | Interval at which emails are sent in the report and thus also the reporting period in each case | |
| Recipient: | »support@anyideas.de»geschaeftsfuehrung@ttt-point.de | Email address for reports | |
Settings and authorizations of the UTM for the Unified Security Console
|
notempty Note for cluster licenses In order for both cluster members to be assigned to each other, special new licenses must be registered on both devices. Menu Button To do this, two licenses must be downloaded from the reseller portal. If no license is marked as xynnnnn-SPARE in the reseller portal (matching licenses have an identical color marking on the left side of the table), please send an email to lizenzen@securepoint.de with customer name, customer number and the serial numbers of the devices or, in the case of VMs, with the license ID. Access by then Unified Security Console must first be enabled in the UTM itself in the menu . Attention: It usually takes a few minutes, in unfavorable cases up to an hour, before the menu is displayed for the first time. The process can be shortened by executing the command on the CLI after a few minutes of runtime (the UTM must have had the opportunity to report to the license server!). system restrictions update |
UTMuser@firewall.name.fqdn 
| ||
| Caption | Value | Description |  |
|---|---|---|---|
| Privacy Policy: | Yes | The privacy policy must be accepted | |
| Activated: | Yes | This activates the Unified Security Console - and thus the display, configuration and access via the Securepoint Unified Security portal. | |
| Authentication method: | Authentication method for a web session | ||
| PIN: | •••••••• | As authentication for a web session, a 6-digit PIN can be selected instead of the login mask with access data.
| |
| Displays the Websession PIN | |||
| Creates a new PIN | |||
| The entered PIN is incorrect | After 5 (default value value can be changed in the CLI with the extc variable SESSIONAUTH_MAXRETRY extc value set application ‘spcloudpuppet’ variable ‘SESSIONAUTH_MAXRETRY’ value ‘5’ The PIN can be unblocked again when logging in to the UTM itself. | ||
Actions that can only be executed with a PIN:
| |||
Detailed authorizations
| On the UTM under Authorizations, the authorizations of the Unified Security Console for the UTM can be activated On or deactivated Off in detail: | ||
| USC authorization | Description |  |
|---|---|---|
| Status | Allow insight into system and memory utilization via the USC | |
| PIN-protected actions | Allow PIN-protected actions from the USC. These include:
| |
| One-time update | Allow configuration of one-off updates from the USC | |
| Websession | Allow opening a web session to access the UTM configuration interface from the USC | |
| Security Scan | Security Scan zur Aufdeckung von Fehlkonfigurationen aus der USC zulassen | |
| UTM profiles | Allow the use of UTM profiles from the USC. Can be configured more precisely using the following authorizations: | |
| Open | This icon next to UTM-Profile displays the individual UTM profiles tabs, which can then be activated On or deactivated Off
| |
| Cloud-Backup | Allow configuration of cloud backups via the USC | |
| Systemmeldungen | Festlegung des Empfängers von Systemmeldungen über die USC zulassen | |
| DNS-Server | Konfiguration der externen DNS-Server über die USC zulassen | |
| Zeit-Einstellungen | Einstellung von NTP-Server und Zeitzone über die USC zulassen | |
| Administration | Allow aconfiguration of dministrative access via the USC Host name, IP addresses or networks from which the admin station interface of the UTM may be accessed. Configuration on the UTM in the menu Area Adminstration | |
| Systemweite GeoIP Sperrungen | Blockierung von IPs auf Länderbasis über die USC zulassen | |
| Firmware-Updates | Konfiguration von regelmäßigen automatischen Updates über die USC zulassen | |
| TIF (Cyber Defense Cloud) | IP-Zugriffe auf potentiell gefährliche Gegenstelle protokollieren oder blocken über die USC zulassen | |
| Data protection | Allow configuration of the anonymization of UTM applications via the USC | |
| Fail2Ban | Allow configuration of Fail2Ban via the USC | |
| Cloud Shield | Allow configuration of Cloud Shield via the USC | |
Deletes the local Cloud Shield configuration The configuration is normally carried out via the USC to ensure synchronization and should only be carried out here in exceptional cases. If Cloud Shield is to be reactivated, it must be ensured that the authorization is set on the UTM side. A new transfer of the configuration to the UTM must then be triggered in the USC by changing the Cloud Shield or UTM profile. | ||
| VPN configuration (ASC) | Allow the use of VPN configuration profiles from the USC | |
| All VPN configurations for this UTM can be deleted using this button | ||