From UTM version 12.6.2, the option Apply USC profiles must be set to Yes under USC for Unified Security Console so that USC profiles can be applied to UTMs.
Profiles allow specific events to be assigned to several UTMs.
Initially, there is the option to perform an automatic update when a new version is available on the UTM.
Profiles
Add profile
Creates a new profile. Existing profiles can be edited by clicking on the profile tile.
General
General - Local profiles
Local profiles
Caption
Description
Profile details
Name
Update weekdays 5 am
Meaningful name displayed on the profile tile
Priority
5 (default)
The higher the number, the higher the priority. This is only used if a device is assigned to multiple profiles.
Cross-tenant profile
Remains disabled for local profiles
UTMs
TTT-Point AG I, TTT-Point AG II
Available UTMs can be selected in the clickbox
Tags
The profile is assigned to all UTMs that have at least one of these tags
Comment
Comment field for additional descriptions
Cross-tenant profiles
General - Cross-tenant profiles
Cross-tenant profiles are marked as such in the overview. In the tenants themselves, a copy of these profiles is displayed with the feature Generated. The copy cannot be edited. Editing is only possible in the profile in which it was created.
Caption
Value
Description
Cross-tenant profile
Name
Update weekdays 5 am
Meaningful name displayed on the profile tile
Priority
5 (default)
The higher the number, the higher the priority. This is only used if a device is assigned to multiple profiles.
Cross-tenant profile
This profile affects the active tenant (reseller or parent company) and all subsequently selected clients
Tenants
TTT-Point AG, Westernhagen GmbH
Tenants to which the profile is to be applied in addition to the own tenant
Select all
Adds all tenants
Tags
utms
The profile is applied to all UTMs with this tag across all tenants.
By default, all UTMs have the tag utms.
Comment
Comment field for additional descriptions
Cloud-Backup
New as of: 1.23.1
If activated, a time frame can be specified in which the boot configuration of the UTM is saved on a Securepoint cloud server.
These settings can only be applied to UTMs from version 12.6.2.
Daily from: xx o'clock
00:00
Setting the time at which the cloud backup starts.
Password
Password
Password
Server settings
New as of: 1.23.1
These settings can only be applied to UTMs from version 12.6.2.
Firewall
Global contact person
The name of the administrator or organization entered in this field is later given in the UTM error messages as the contact for queries.
Global email address
Important system messages are sent to this email address. The email address entered must be correct.
Language of the reports
German
The important system messages are sent in this language. Alternatively, English can also be selected.
DNS-Server
Check nameserver before local cache
The local cache of the UTM answers the DNS queries first (corresponds to 127.0.0.1 as the primary name server). When this option is activated, the name servers entered here are queried for name resolution before the local cache of the UTM.
Primary nameserver
The IP addresses of two external nameservers to which the UTM should forward the DNS queries can be entered here.
DNS servers that can be reached via the external interface should be entered here.
Please do not enter a DNS server from your own internal network.
Secondary nameserver
The IP addresses of two external nameservers to which the UTM should forward the DNS queries can be entered here.
DNS servers that can be reached via the external interface should be entered here.
Please do not enter a DNS server from your own internal network.
Time settings
NTP-Server
The NTP server that the UTM uses for time synchronization.
Time zone
Europe/Berlin
The time zone in which the UTM is located.
Administration
Enable administrative access for:
Host names, IP addresses and networks can be enabled for administration. The network with the "internal" zone is always enabled.
Global GeoIP
New as of: 1.23.1
When this option is activated, GeoIP is active.
These settings can only be applied to UTMs from version 12.6.2.
Sources
System-wide rejected sources
IP addresses can be mapped to a country via their associated IP networks and the organizations and institutions to which these are assigned. Countries stored here are active for source GeoIP blocking.
Exceptions
IPs stored here are excluded from source GeoIP blocking.
Destinations
System-wide rejected destinations
IP addresses can be mapped to a country via their associated IP networks and the organizations and institutions to which these are assigned. Countries stored here are active for destination GeoIP blocking.
Exceptions
IPs stored here are excluded from the destination GeoIP blocking.
Global VPN-Settings
New as of: 1.23.1
These settings can only be applied to UTMs from version 12.6.2.
Primary nameserver
Primary nameserver which is used for the VPN tunnel clients.
Secondary nameserver
Secondary nameserver which is used for the VPN tunnel clients.
Firmware-Updates
Firmware update settings
If activated, the firmware update settings can be defined.
From UTM version 12.6.2, the setting for automatic updates on the UTM is configured by the profiles. For these UTM versions, it is possible to require that an additional endpoint be reachable before the new UTM version is finalized after the test run.
For UTMs with an older version, the update is triggered via the Unified Security Console. With this type of update, no additional check endpoint can be specified for the finalization. The UTM is finalized automatically after the test run and the establishment of the cloud connection.
Tab "Automatic updates"
Automatic updates
Upon activation, a time frame can be specified in which updates are performed automatically.
The UTM searches for updates on its own and downloads them if available.
Updates are typically distributed over a period of 1-2 weeks. It is possible that one UTM may already have an update while another UTM in the same network has not yet received one.
Updates are not activated automatically in general. The function in the USC portal creates a job in the portal that triggers a time-controlled update.
The update job performs the following steps:
system upgrade dryrun
system upgrade confirm privacy
system upgrade confirm eula
system upgrade finalize
During the update process, the UTM will be restarted. All connections to the UTM (e.g. VPN, SSH) will be interrupted.
Finalizing is not necessary afterwards. The update will remain even after a later restart.
Period
Mo Tu We Th Fr Sa Su
Selection of the weekdays on which an update can be performed
The option 1x per month is not available on the UTM and is therefore no longer displayed here. If the option was previously used, it will continue to be used until a change is made in the firmware update area in the portal or on the UTM from v12.6.2.
from 00:00 (UTC)
Time period within which an update should be performed, if applicable
The update is triggered by the portal. For better load balancing, only one time period can be selected within which the process is started.
The time is given in UTC. UTC does not use daylight saving time!
Additional audit endpoint
New as of: 1.23.1
These settings can only be applied to UTMs from version 12.6.2.
URL
URL
Before a dry run is started and also after an update has been installed and started (but before the update is finalized), the appliance will test whether the Securepoint update server can be reached.
Another endpoint (host name or IP address and port) can be specified here, the accessibility of which is also tested.
A TCP handshake to a service on the specified server is checked.
If a test fails, no firmware update is carried out (if necessary by rolling back to the previous version).
Port
443
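The check described for the additional audit endpoint, as an added example (not Securepoint code): a TCP handshake test that can be used to verify an endpoint before entering it in a profile, plus a simplified model of the skip / roll back / finalize decision. The function names update_run and loopback_listener are hypothetical, and the loopback listener is a constructed stand-in for the real endpoint.

```python
import socket


def tcp_handshake_ok(host, port, timeout=3.0):
    """True if a TCP three-way handshake to host:port completes in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out, name resolution failed
        return False


def all_reachable(endpoints, check=tcp_handshake_ok):
    """Every endpoint must pass; one failure fails the whole test."""
    return all(check(host, port) for host, port in endpoints)


def update_run(endpoints, check=tcp_handshake_ok):
    """Simplified model of the described sequence; returns the steps taken."""
    if not all_reachable(endpoints, check):
        return ["pre-check failed", "no update"]
    steps = ["pre-check ok", "dry run: new version installed and started"]
    if not all_reachable(endpoints, check):
        return steps + ["post-check failed", "rollback to previous version"]
    return steps + ["post-check ok", "finalize"]


def loopback_listener():
    """Constructed stand-in for the audit endpoint: a listener on 127.0.0.1."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
    srv.listen(16)              # backlog large enough for repeated checks
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = loopback_listener()
    audit = [("127.0.0.1", port)]  # in a profile: host name or IP, port 443
    print(update_run(audit))       # endpoint up in both phases
    srv.close()
    print(update_run(audit))       # endpoint down before the dry run
```

An endpoint that is only intermittently reachable makes the post-update test fail and the update roll back, so choose a service that stays up through the UTM restart.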
Jobs
The Jobs tab is only displayed for existing profiles
Once a UTM has downloaded an automatic update, it reports this to the portal
The portal creates a job that starts the update at the specified time