Profiles for UTMs in the Unified Security Console
Last adaptation to the version: 1.23.1
Last updated: 03.2024
This article refers to a Resellerpreview
Access: portal.securepoint.cloud  Unified Security Console Profiles



Function description

From UTM version 12.6.2, the option Apply USC profiles must be set to Yes under USC (Unified Security Console) so that USC profiles can be applied to UTMs.
Video: UTM Update Management
Profiles allow specific events to be assigned to several UTMs.

Initially, there is the option to perform an automatic update when a new version is available on the UTM.



Profiles

Add profile: Creates a new profile.
Existing profiles can be edited by clicking on the profile tile.

General

Local profiles

Caption | Value | Description
Profile details
Name | Update weekdays 5 am | Meaningful name displayed on the profile tile
Priority | 5 (default) | The higher the number, the higher the priority. This is only used if a device is assigned to multiple profiles.
Cross-tenant profile | | Remains disabled for local profiles
UTMs | TTT-Point AG I, TTT-Point AG II | Available UTMs can be selected in the clickbox
Tags | | The profile is assigned to all UTMs that have at least one of these tags
Comment | | Comment field for additional descriptions

Cross-tenant profiles

  • Cross-tenant profiles are marked as such in the overview.
  • In the tenants themselves, a copy of these profiles is displayed with the feature Generated. The copy cannot be edited. Editing is only possible in the profile in which it was created.

Caption | Value | Description
Cross-tenant profile
Name | Update weekdays 5 am | Meaningful name displayed on the profile tile
Priority | 5 (default) | The higher the number, the higher the priority. This is only used if a device is assigned to multiple profiles.
Cross-tenant profile | | This profile affects the active tenant (reseller or parent company) and all subsequently selected clients
Tenants | TTT-Point AG, Westernhagen GmbH | Tenants to which the profile is to be applied in addition to the own tenant
Select all | | Adds all tenants
Tags | utms | The profile is applied to all UTMs with this tag across all tenants. By default, all UTMs have the tag utms.
Comment | | Comment field for additional descriptions

Cloud-Backup

New as of: 1.23.1
If this option is activated, a time frame can be specified in which the boot configuration of the UTM is saved on a Securepoint cloud server.
These settings can only be applied to UTMs from version 12.6.2.

Caption | Value | Description
Daily from: xx o'clock | 00:00 | Setting the time at which the cloud backup starts.
Password | Password | Password

Server settings

New as of: 1.23.1
These settings can only be applied to UTMs from version 12.6.2.

Caption | Value | Description
Firewall
Global contact person | | The name of the administrator or organization entered in this field is later specified in the UTM error messages for queries.
Global email address | | Important system messages are sent to this email address. The email address entered must be correct.
Language of the reports | German | The important system messages are sent in this language. Alternatively, English can also be selected.
DNS-Server
Check nameserver before local cache | | The local cache of the UTM first answers the DNS queries (corresponds to 127.0.0.1 as the primary name server). When activated, the name servers entered here will check the name resolution before the local cache of the UTM.
Primary nameserver | | The IP addresses of two external nameservers to which the UTM should forward the DNS queries can be entered here. DNS servers that can be reached via the external interface should be entered here. Please do not enter a DNS server from your own internal network.
Secondary nameserver | | The IP addresses of two external nameservers to which the UTM should forward the DNS queries can be entered here. DNS servers that can be reached via the external interface should be entered here. Please do not enter a DNS server from your own internal network.
Time settings
NTP-Server | | The NTP server that the UTM uses for time synchronization.
Time zone | Europe/Berlin | The time zone in which the UTM is located.
Administration
Enable administrative access for: | | Host names, IP addresses and networks can be enabled for administration. The network with the "internal" zone is always enabled.

Global GeoIP

New as of: 1.23.1
When this option is activated, GeoIP is activated.
These settings can only be applied to UTMs from version 12.6.2.

Caption | Value | Description
Sources
System-wide rejected sources | | IP addresses can be assigned to a country via the associated IP networks and the organizations and institutions to which they are assigned. Countries stored here are active for source GeoIP blocking.
Exceptions | | IPs stored here are excluded from source GeoIP blocking.
Destinations
System-wide rejected destinations | | IP addresses can be assigned to a country via the associated IP networks and the organizations and institutions to which they are assigned. Countries stored here are active for destination GeoIP blocking.
Exceptions | | IPs stored here are excluded from the destination GeoIP blocking.

Global VPN-Settings

New as of: 1.23.1
These settings can only be applied to UTMs from version 12.6.2.

Caption | Value | Description
Primary nameserver | | Primary nameserver which is used for the VPN tunnel clients.
Secondary nameserver | | Secondary nameserver which is used for the VPN tunnel clients.

Firmware-Updates

Firmware update settings: If this option is activated, the firmware update settings can be defined.
From UTM version 12.6.2, the setting for automatic updates on the UTM is configured by the profiles. For these UTM versions, it is possible to set that an additional endpoint must be accessible before the new UTM version is finalized after the test run.
For UTMs with an older version, the update is triggered via the Unified Security Console. With this type of update, no additional check endpoint can be specified for the finalization. The UTM is finalized automatically after the test run and the establishment of the cloud connection.

Tab "Automatic updates"

Automatic updates: Upon activation, a timeframe can be specified in which updates will be performed automatically.
  • The UTM searches for updates on its own and downloads them if available.
  • Updates are typically distributed over a period of 1-2 weeks. It is possible that one UTM may already have an update while another UTM in the same network has not yet received one.
  • Updates are not activated automatically in general. The function in the USC portal creates a job in the portal that triggers a time-controlled update.
  • The update job performs the following steps:
      • system upgrade dryrun
      • system upgrade confirm privacy
      • system upgrade confirm eula
      • system upgrade finalize

During the update process, the UTM will be restarted. All connections to the UTM (e.g. VPN, SSH) will be interrupted.
Finalizing is not necessary in the end. The update will remain even after a later restart.

Caption | Value | Description
Period | Mo Tu We Th Fr Sa Su | Selection of the weekdays on which an update can be performed
from | 00:00 (UTC) | Time period within which an update should be performed, if applicable. The update is triggered by the portal. For better load balancing, only one time period can be selected within which the process is started.

The option 1x per month is not available on the UTM and is therefore no longer displayed here. If the option was previously used, it will continue to be used until a change is made in the firmware update area in the portal or on the UTM from v12.6.2.

  • The time is given in UTC. UTC does not use daylight saving time!
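
Because the window is fixed in UTC, the local time at which a UTM restarts moves by one hour when daylight saving time changes, and a late-evening UTC window falls on the next local weekday. The following is an added example, not part of the Securepoint documentation; the 05:00 and 23:00 start times are constructed samples, Europe/Berlin is the time zone shown under Time settings, and it assumes the selected weekday is counted in UTC as well, which the page does not state.

```python
from datetime import date, datetime, time, timedelta, timezone
from zoneinfo import ZoneInfo

# Time zone shown under "Time settings" on this page; change it for other sites.
SITE_TZ = ZoneInfo("Europe/Berlin")


def local_start(day: date, start_utc: time, tz: ZoneInfo = SITE_TZ) -> datetime:
    """Local wall-clock time at which the UTC window opens on `day` (a UTC date)."""
    utc_dt = datetime.combine(day, start_utc, tzinfo=timezone.utc)
    return utc_dt.astimezone(tz)


def window_report(year: int, start_utc: time, tz: ZoneInfo = SITE_TZ) -> dict:
    """Walk one year and collect every distinct local start time of the window.

    Also counts the days on which the local calendar day differs from the
    UTC day, i.e. the restart lands on a different local weekday than the
    one ticked in the profile (assumption: weekdays are evaluated in UTC).
    """
    starts = set()
    shifted_days = 0
    day = date(year, 1, 1)
    while day.year == year:
        local = local_start(day, start_utc, tz)
        starts.add(local.strftime("%H:%M"))
        if local.date() != day:
            shifted_days += 1
        day += timedelta(days=1)
    return {"local_starts": sorted(starts), "weekday_shifted_days": shifted_days}


if __name__ == "__main__":
    # Constructed sample windows: early morning and late evening (UTC).
    for sample in (time(5, 0), time(23, 0)):
        print(sample.strftime("%H:%M UTC"), window_report(2024, sample))
```
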
Additional audit endpoint

New as of: 1.23.1
These settings can only be applied to UTMs from version 12.6.2.

Caption | Value | Description
URL | URL | Before a dry run is started and also after an update has been installed and started (but before the update is finalized), the appliance will test whether the Securepoint update server can be reached. Another endpoint (host name or IP address and port) can be specified here, the accessibility of which is also tested. A TCP handshake to a service on the specified server is checked.
Port | 443 |

If a test fails, no firmware update is carried out (if necessary by rolling back to the previous version).
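
Since a failed test means no firmware update is carried out, it is worth confirming that a candidate endpoint really completes a TCP handshake before entering it in the profile. The following is an added example, not Securepoint code: it models the check from an admin workstation, the function names and the 5-second timeout are assumptions, and the loopback listener is a constructed stand-in so the script runs offline.

```python
import socket

CONNECT_TIMEOUT = 5.0  # seconds; assumed value, the page does not state the UTM's timeout


def tcp_handshake_ok(host: str, port: int, timeout: float = CONNECT_TIMEOUT):
    """Try to complete a TCP three-way handshake; no payload is sent."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "handshake completed"
    except socket.timeout:
        return False, "timed out (filtered or host down)"
    except ConnectionRefusedError:
        return False, "refused (no service listening on that port)"
    except socket.gaierror as exc:
        return False, f"name resolution failed: {exc}"
    except OSError as exc:
        return False, f"network error: {exc}"


def update_gate(endpoints, timeout: float = CONNECT_TIMEOUT) -> dict:
    """Every listed (host, port) must answer; one failure blocks the update."""
    results = {f"{h}:{p}": tcp_handshake_ok(h, p, timeout) for h, p in endpoints}
    return {"proceed": all(ok for ok, _ in results.values()), "results": results}


def local_listener() -> socket.socket:
    """Constructed stand-in for a reachable service on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    return srv


if __name__ == "__main__":
    srv = local_listener()
    port = srv.getsockname()[1]
    print(update_gate([("127.0.0.1", port)]))   # service up: proceed is True
    srv.close()
    print(update_gate([("127.0.0.1", port)]))   # service gone: proceed is False
```

The result is only meaningful when run from a network position comparable to the UTM's, because filtering between the workstation and the endpoint can differ from what the appliance sees.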

Jobs

  • The Jobs tab is only displayed for existing profiles.
  • Once a UTM has downloaded an automatic update, it reports this to the portal.
  • The portal creates a job that starts the update at the specified time.

Figure: Tab Jobs
Figure: Executed job with log

Save: Saves the information and closes the dialog
Close: Closes the dialog without saving the information