Managing cloud backups and using them for recovery
Last adaptation to the version: 12.6.1
New:
  • Updated for the redesign of the web interface
This article refers to a reseller preview.

Previous versions: 12.4 12.2 11.8.8 11.7 11.6

Access: UTM-IP:Port or UTM-URL:Port
Port as configured under Network / Appliance Settings / Webserver
Default port: 11115
e.g. https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
Menu: Configuration / Cloud-Backup


Redundant warning

  • This article stresses repeatedly that the password used to encrypt the backup must be kept safe.
    Experience shows that this is regularly neglected, and the restore then fails.
    Support staff are aware of the problem but cannot solve it: there is no backdoor in the system.


  • Introduction

    In addition to a local backup of the configuration or a backup via the Unified Security Console (USC), the UTM can store a backup of the boot configuration on Securepoint's cloud servers.

  • Communication with the cloud servers takes place over a TLS-encrypted connection.
  • Cloud backups are only available with the associated license and are encrypted with an individual password.
    Without this password the backup is unusable.
    Securepoint has no way to decrypt the backup.
  • Cloud backups can be created every 22 hours.

  • Requirements
    • Installed and licensed UTM
    • Internet access


    Message after update

    After an update, a message prompts to set the cloud backup password:
    [Screenshot: Configuration management / Set cloud backup password (UTM v12.6.1)]

  • The password must be noted securely and retrievably.
    Without the password, the cloud backup cannot be decrypted!

    • Log in to the administration interface of the firewall (factory state: https://192.168.175.1:11115).
      • If the installation wizard has already been run, the IP address configured there must be used.
      • The port of the administration interface is 11115 by default.
    • Configure the cloud backup in the menu Configuration / Cloud Backup.


    Cloud Backup Configuration

    [Screenshot: Configuration management / Cloud-Backup (UTM v12.6.1)]

    Caption                     Description
    Backup Boot Configuration   Backs up the current boot configuration of the appliance.
    Set a password              Sets or changes the individual password for the backups to be created.
                                Setting a password is mandatory.

    The backup is encrypted with this password and can only be decrypted with the password that was set when that particular cloud backup was created.

    Securepoint GmbH has no way to decrypt this backup without the password!

    The password for the cloud backup is not part of the configuration. If a cloud password is set and a configuration is subsequently imported (from a local file or from the cloud), new cloud backups are still encrypted with the previously set cloud password.

    The password must be noted securely and retrievably.
    Without the password, the cloud backup cannot be decrypted!

    Version 12.6.1              Displays the firmware version with which the backup was created.
                                When hovering, the currently installed local firmware version is also shown, e.g.:
                                Cloud-Backup-Version: 12.4.0
                                Local Version: 12.4.0
    Regular cloud backup
    Regular cloud backup: On    Activated by default
    Daily from: 05 o'clock      Time of the daily backup
    Import configuration        Loads the selected backup into the local configuration manager under the name backup-YYYY-DD-MM_HH:ii:ss, which contains the time of the backup.
    Backup plan                 The servers only hold a certain number of configurations. The rotation follows this scheme:
                                • the latest 7 backups are kept (first in, first out)
                                • after that 4 weekly backups are kept
                                • after that 12 monthly backups are kept
                                This rotation takes place separately for each license key.
                                Backups older than 12 months are deleted.
    Delete                      Deletes the selected backup from the configuration management.
    Save                        Saves the current settings (activation and time of the backup, not the backup itself!).
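The backup plan above, worked through as an added example that is not Securepoint's code: a retention function that applies the 7 / 4 / 12 scheme to a list of backup timestamps and reports what survives and what is rotated out. The tier boundaries are this example's interpretation of the list, not something the article spells out: the tiers are applied to successively older backups, the weekly tier keeps the newest backup of each ISO week, the monthly tier the newest of each calendar month, and "older than 12 months" is counted from the current date. The function names, the fixed "today" and the sample series of one backup per day are constructed for the demo.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Slot counts from the article's backup plan.
const (
	dailySlots   = 7
	weeklySlots  = 4
	monthlySlots = 12
)

// DailyBackups builds a constructed sample: n backups, one per day at the
// same time of day, newest first. Not real data.
func DailyBackups(newest time.Time, n int) []time.Time {
	out := make([]time.Time, 0, n)
	for i := 0; i < n; i++ {
		out = append(out, newest.AddDate(0, 0, -i))
	}
	return out
}

// Retain applies the rotation to a set of backup timestamps and returns the
// backups to keep (newest first) and the ones to drop. Interpretation, not
// stated by the article: the three tiers are applied to successively older
// backups; the weekly tier keeps the newest backup per ISO week, the monthly
// tier the newest per calendar month; "older than 12 months" counts from now.
func Retain(backups []time.Time, now time.Time) (keep, drop []time.Time) {
	sorted := append([]time.Time(nil), backups...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].After(sorted[j]) })

	expiry := now.AddDate(-1, 0, 0)
	tier := 0 // 0 = daily, 1 = weekly, 2 = monthly
	daily, weekly, monthly := 0, 0, 0
	var lastWeek, lastMonth string

	for _, b := range sorted {
		if b.Before(expiry) { // hard limit, regardless of tier
			drop = append(drop, b)
			continue
		}
		keepIt := false
		switch tier {
		case 0:
			keepIt = true
			daily++
			if daily == dailySlots {
				tier = 1
			}
		case 1:
			y, w := b.ISOWeek()
			week := fmt.Sprintf("%d-W%02d", y, w)
			if week != lastWeek {
				keepIt, lastWeek = true, week
				weekly++
			}
			if weekly == weeklySlots {
				tier = 2
			}
		case 2:
			month := b.Format("2006-01")
			if month != lastMonth && monthly < monthlySlots {
				keepIt, lastMonth = true, month
				monthly++
			}
		}
		if keepIt {
			keep = append(keep, b)
		} else {
			drop = append(drop, b)
		}
	}
	return keep, drop
}

func main() {
	now := time.Date(2024, time.June, 15, 5, 0, 0, 0, time.UTC) // constructed "today"
	keep, drop := Retain(DailyBackups(now, 400), now)
	fmt.Printf("400 backups: keep %d, drop %d\n", len(keep), len(drop))
	for _, b := range keep {
		fmt.Println("keep", b.Format("2006-01-02"))
	}
}
```

With one backup per day for 400 days, exactly 23 survive: the 7 newest, then 4 Sundays, then the last backup of each of the 12 previous months. Anything a practitioner wants to keep longer than that (a known-good configuration before a major change, for instance) has to be exported locally, since the cloud side rotates per license key without exceptions.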


    View in Reseller Portal

    [Screenshot: Reseller Portal, license view, Cloud-Backup]

    In the Securepoint Reseller Portal, a list of the available backups for a specific license can be viewed. It is found on the detail page of the license (column "Licensee" when on the profile page).
    A download of the configuration, however, is only possible

    • from an appliance with the corresponding license key
    • in the Unified Security Console (USC); the license(s) in question are listed in the "Serial numbers" column (see figure).


    Restore after factory settings with cloud backup

    To import the configuration from a cloud backup after a reset to factory settings, the following steps are necessary.
    A prior download of the configuration file is not required, but the UTM needs Internet access to reach the cloud backups.

    • Log in to the admin interface of the UTM (IP address of the UTM with port, usually 11115).
      Example: https://192.168.175.1:11115
    • Set the firewall name
    • Import the license file
    • Set up the Internet connection
    • The cloud backups are assigned via the license.
      Once the UTM has been able to connect to the Securepoint license server, existing backups can be imported into the UTM in the menu Configuration / Cloud Backup.
    • The corresponding button sets the restored configuration as the future startup version.
    • A further button loads the configuration as the currently used version.


    Restore to new hardware with cloud backup

    • Make the UTM accessible in the network, open the admin interface and run the basic setup.

    Integration into the local network

    Adjust IP addresses of the UTM via CLI

    If administration via the CLI is acceptable, the IP addresses can be set directly on the UTM via the CLI.
    Monitor and keyboard are connected directly to the UTM and the login is done on the console.

    To administer the UTM, the admin interface must be reached via the IP of the UTM and the port of the admin interface on the interface LAN2.
    In the factory settings the UTM is reachable at https://192.168.175.1:11115.
    If this IP or interface cannot be reached from the local network, the settings must be changed.

    1. Connect keyboard and monitor directly to the UTM.
    2. Log in to the UTM: username admin / password insecure.
    3. The command line interface appears.
    4. Change the network configuration:
      1. List the existing interfaces: interface get
      2. Determine the IDs of the IP addresses: interface address get
        LAN2 is the internal interface through which the admin interface is reached.
        The ID is needed to change the IP address in the next step.
      3. Change the interface IP: interface address set id 1 address 192.168.12.1/24
        system update interface
        (desired IP of the internal network with subnet mask)
      4. Activate another interface: interface address new device LAN1 (or A0) address 192.168.x.y/24
        system update interface
    5. Set up administration access:
      In the factory settings, the admin interface of the UTM is only reachable via the internal interface LAN2. If it is to be reachable via another interface, the IP of the host (or a network address with subnet mask) must be allowed:
      manager new hostlist 192.168.168.0/24
      system update rule
      Here all hosts in the network 192.168.168.0/24 (regardless of the interface) may access the admin interface. Allow only the hosts or the network that actually needs administrative access.
      Attention: If, for example, the IP 192.168.175.1 is on LAN1 or A0 and the admin interface is to be opened from a computer in the network on LAN1, the range 192.168.175.x must nevertheless be allowed separately.

    Adjust the IP address of your own computer
    The IP address of your own computer is temporarily changed to the default network of the internal interface of the UTM.

    Then connect your own computer to interface A1 (the internal interface) of the UTM.

    This is how it works

    Change IP address on Windows
    • Display the network connections:
       Windows key + R, then ncpa.cpl
    • Double-click the Ethernet connection to show its status
    • Show the properties of the interface
    • Show the properties of the TCP/IPv4 connection
    • Set the IP address:
      • IP address: 192.168.175.2
      • Subnet mask: 255.255.255.0
      • Default gateway: 192.168.175.1 (= default address of the internal interface of the UTM)

    Step by step:
    [Screenshot: Windows network adapters]
    Display of the network interfaces:
    • Via the desktop:
      • Click the network icon in the taskbar next to the clock
      • Click Network and Internet settings
      • Click Change adapter options
    • Via command:
      • Windows key + R, then ncpa.cpl
    • Double-click the interface in use to display the status of the Ethernet connection
    [Screenshot: Windows Ethernet status]
    • In the status window click the button Properties
    [Screenshot: Windows Ethernet properties]
    • Select the entry Internet Protocol, Version 4 (TCP/IPv4) in the properties
    • Click the button Properties
    [Screenshot: Windows static IP settings]
    • Select Use the following IP address:
    • Set the IP address:
      • IP address: 192.168.175.2
      • Subnet mask: 255.255.255.0
      • Default gateway: 192.168.175.1 (= default address of the internal interface of the UTM)

    Change IP address on Linux
    Please refer to the documentation of the distribution used.

    Example for Ubuntu:

    • Open a terminal
    • Identify the name of the interface: ip a
    • Add the IP address (in the example enp0s3 is the interface used): sudo ip address add 192.168.175.2/24 dev enp0s3

    Change IP address on a Mac
    [Screenshot: macOS network settings]
    • Menu System Settings / Network
    • Configure IPv4: select Manually in the dropdown menu
    • IP address: 192.168.175.2
    • Subnet mask: 255.255.255.0
    • Router: 192.168.175.1 (= default address of the internal interface of the UTM)
    • Button: Apply

    After finishing the installation wizard and rebooting, the UTM is located in another network.
    For further configuration, the IP address of your own computer must then be changed back.

    Restoring the original IP address:

    • Fixed IP addresses: enter as described above
    • Enable DHCP:
      • Windows: Properties of Internet Protocol Version 4 (TCP/IPv4) → select Obtain an IP address automatically
      • Linux, example for Ubuntu: sudo ip address del 192.168.175.2/24 dev enp0s3
        sudo dhclient enp0s3
        If necessary, refer to the documentation of the distribution used.
      • Mac: coming soon...
    First access

    If not already done, the following connections must now be made physically:

    • Connect the external interface (A0) towards the Internet (modem, router, etc.).
    • Connect the internal interface (A1)
      • to your own computer, if the IP address was adjusted on the computer, or
      • to the network from which the UTM is to be administered, if the IP address of the UTM was adjusted.

  • The admin interface is available on port 11115. Access:
    https://192.168.175.1:11115 (default) or
    https://172.16.0.1:11115, if the IP address of the UTM was changed to 172.16.0.1
  • When the admin interface is opened for the first time, the browser shows a certificate warning.
    The browser does not know the certificate of the UTM, so it issues a security warning.
    This warning must be accepted to continue. It is expected only on this first, direct connection to the UTM's own address; the same warning on any other site should not be waved through.

    [Screenshot: certificate warning in Firefox]
    Message in Firefox: Warning: Potential security risk ahead
    Button Advanced / Accept the risk and continue
    [Screenshot: certificate warning in Chrome / Chromium]
    Message in Chrome / Chromium: This is not a secure connection. At the bottom click Continue to IP address (unsafe).
    [Screenshot: certificate warning in Edge]
    Message in Edge: Your connection isn't private. At the bottom click Continue to IP address (unsafe).
    [Screenshot: certificate warning in Safari]
    Message in Safari:
    Button Show details / link Open this website

    First registration

    [Screenshot: UTM v12 admin login, unlicensed]

    Login, UTM not yet licensed
    Caption             Value                       Description
    User                admin                       Login with the default credentials of the factory settings: admin
    Password            insecure                    Login with the default credentials of the factory settings: insecure
    Login (Admin)

    Agree to license agreement and privacy policy
    Accept                                          The license agreement and the privacy policy must each be accepted by clicking the button.
                                                    [Screenshots: privacy policy and license agreement dialogs (UTM v12.6.2), buttons Decline / Accept]

    Basic configurations
    [Screenshot: Basic configurations (UTM v12.6.2)]
    The fields displayed may vary depending on what information is already available on the UTM.
    Firewall name       firewall.ttt-point.local    An individual firewall name must be assigned. The name should be an FQDN.
    System time         yyyy-mm-dd hh:mm:ss         The system time must be correct. It is compared with other servers, e.g. for user authentication (Kerberos, OTP, etc.); if the deviation is too large, login is not possible.
    License key         Browse...                   Import a valid license. Each license key may be used only once. The UTM is identified by it, and various services and configurations are assigned via the license key.
    Global email address (new as of v12.4.4)
                        admin@ttt-point.de          Required, e.g. for the mail connector and the proxy. Also serves as postmaster address for the mail relay.
    Authentication method (new as of v12.5.1)
                        PIN (recommended) / Login mask
                                                    Authentication method for web sessions via the USC.
                                                    The web session PIN also secures the following actions within the USC:
                                                    • Restart
                                                    • Shutdown
                                                    • Factory settings
                                                    • Import of cloud backups
                                                    If the PIN is not used, these actions cannot be invoked from the Unified Security Portal.
    PIN (new as of v12.5.1)                         PIN as additional security for web sessions.
                                                    No number sequences or duplications are allowed.
                                                    A button generates a secure PIN.
    License agreement                               Displays the license agreement
    Privacy policy                                  Displays the privacy policy
    Log out                                         Logs off again. No settings are saved!
    Complete                                        Completes the login process and opens the Welcome window.

    Welcome
    [Screenshot: Welcome dialog (UTM v12.6.2)]
    The basic settings are completed with the welcome dialog.
    Installation wizard     Starts the installation wizard.
    Start tour              Starts a tour that explains the admin interface and menus in 15 steps.
    • Close the welcome dialog with × in the title bar without starting the tour or the installation wizard.
    • New firmware versions may have been released between production of a UTM and its deployment.
      A cloud backup may therefore have been created with a newer version than the one installed on the newly deployed hardware. Check for a firmware update before applying a cloud backup to new hardware: menu Extras / Firmware Updates.
    • Then proceed as for a restore after factory settings.
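The PIN rule stated above ("no number sequences or duplications are allowed"), as an added example check in Go that is not Securepoint's implementation: how the UTM actually tests a PIN is not described on this page, so the definitions used here (a sequence is three or more adjacent digits rising or falling by one, a duplication is any digit used more than once) and the 4 to 8 digit length limit are assumptions of this example, as are the function name and the sample PINs.

```go
package main

import "fmt"

// ValidPIN checks a web-session PIN against the two rules the article states
// for the PIN field. Interpretation (assumed here): a "sequence" is three or
// more adjacent digits rising or falling by one (123, 654); a "duplication"
// is any digit used more than once (1123, 1212). The length limits are also
// an assumption of this example.
func ValidPIN(pin string) error {
	if len(pin) < 4 || len(pin) > 8 {
		return fmt.Errorf("PIN must be 4 to 8 digits, got %d characters", len(pin))
	}
	seen := [10]bool{}
	for i := 0; i < len(pin); i++ {
		d := pin[i]
		if d < '0' || d > '9' {
			return fmt.Errorf("PIN may contain digits only")
		}
		if seen[d-'0'] {
			return fmt.Errorf("digit %c is used more than once", d)
		}
		seen[d-'0'] = true
		if i >= 2 {
			// step between the previous two digits and between the last two
			s1 := int(pin[i-1]) - int(pin[i-2])
			s2 := int(d) - int(pin[i-1])
			if (s1 == 1 && s2 == 1) || (s1 == -1 && s2 == -1) {
				return fmt.Errorf("digits %s form a sequence", pin[i-2:i+1])
			}
		}
	}
	return nil
}

func main() {
	// Constructed sample PINs, good and bad.
	for _, p := range []string{"2846", "25807", "1234", "9876", "1123", "1212", "ab12"} {
		fmt.Printf("%-6s -> %v\n", p, ValidPIN(p))
	}
}
```

Returning an error that names the offending digits, rather than a bare false, is what makes the rule enforceable at the point where the PIN is set: the operator learns which rule was hit and can choose a PIN that passes, instead of guessing.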



    Notes

  • Without the correct password, the saved configuration cannot be restored.
  • The password can be changed at any time during operation, but then you must keep track yourself of which backup was saved with which password.
  • Access to the secured configuration is only possible with exactly this license key (including its extensions) and the corresponding password.
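The password-only property stated in the introduction, in the configuration table and in the notes above (the backup can only be opened with the password set at creation time, and Securepoint has no way to decrypt it), as an added example in Go that is not Securepoint's backup format or code: the key is derived from the password alone with PBKDF2-HMAC-SHA256 (written out inline so only the standard library is needed), the configuration is sealed with AES-256-GCM, and a wrong password or a modified blob is refused outright rather than decrypted into garbage. Whoever stores the blob, the vendor included, holds nothing that can open it. The parameters, function names and the sample configuration are assumptions for this demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Parameters are assumptions for this example, not Securepoint's format.
const (
	saltLen    = 16
	nonceLen   = 12     // standard GCM nonce size
	tagLen     = 16     // GCM authentication tag
	keyLen     = 32     // AES-256
	iterations = 100000 // PBKDF2 work factor
)

// pbkdf2SHA256 implements PBKDF2 (RFC 8018) with HMAC-SHA256.
func pbkdf2SHA256(password, salt []byte, iter, length int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for block := uint32(1); len(out) < length; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ { // U_2 .. U_iter, XORed together
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:length]
}

// aeadFor derives the AES-256-GCM key from password and salt. The key exists
// only here: no escrow key and no vendor key can reproduce it.
func aeadFor(password string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(password), salt, iterations, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBackup encrypts a configuration under the password only.
// Output layout: salt || nonce || ciphertext || GCM tag.
func SealBackup(password string, config []byte) ([]byte, error) {
	salt := make([]byte, saltLen)
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	gcm, err := aeadFor(password, salt)
	if err != nil {
		return nil, err
	}
	blob := make([]byte, 0, saltLen+nonceLen+len(config)+tagLen)
	blob = append(append(blob, salt...), nonce...)
	return gcm.Seal(blob, nonce, config, salt), nil // salt doubles as associated data
}

// OpenBackup re-derives the key and authenticates before releasing any byte:
// a wrong password or a modified blob is an error, never a garbled config.
func OpenBackup(password string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen+tagLen {
		return nil, errors.New("backup blob too short")
	}
	salt, nonce, ct := blob[:saltLen], blob[saltLen:saltLen+nonceLen], blob[saltLen+nonceLen:]
	gcm, err := aeadFor(password, salt)
	if err != nil {
		return nil, err
	}
	config, err := gcm.Open(nil, nonce, ct, salt)
	if err != nil {
		return nil, errors.New("wrong password or damaged backup: decryption refused")
	}
	return config, nil
}

func main() {
	// Constructed sample configuration; the password is the only secret.
	config := []byte("interface address set id 1 address 192.168.12.1/24\n")
	blob, err := SealBackup("correct horse battery staple", config)
	if err != nil {
		panic(err)
	}
	out, err := OpenBackup("correct horse battery staple", blob)
	fmt.Printf("right password: err=%v config=%q\n", err, out)
	_, err = OpenBackup("insecure", blob)
	fmt.Printf("wrong password: err=%v\n", err)
}
```

The failure mode the warning box describes follows directly from this construction: a lost password leaves a blob whose key can only be recovered by guessing the password through the KDF, which is exactly what the work factor is there to make impractical. The same design also means that changing the password (see Notes) changes nothing for existing blobs, which is why each backup stays tied to the password in force when it was created.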