Diagonale, rote Flächen

UTM firewall and VPN functions

Valid for all Securepoint firewall models

Quick access

Web interface
Monitoring, logging and reporting
Network functions
Traffic filter functions
Mailsecurity
Web security
Further functions
VPN functions
Notes

List of features based on version 12.6.2 as of 12.03.2024

G5 Firewall ist in einem Serverschrank eingebaut mit einer roten Beleuchtung

Firewall-Videos

Wir haben Videos für Sie zusammengestellt, in denen wir Firewall Funktionen beschreiben.

Direkt zu den Videos

Web interface

	UTM licence	VPN edition
Languages	German, English	German, English
Accessibility: Mode for colour vision deficiency	yes	yes
Dark mode	yes	yes
Audit-capable	yes	yes
Real-time monitoring functions	yes	yes
Configuration management	Multiple configurations on one system	Multiple configurations on one system
Triple firmware system for optimum security during upgrades	yes	yes
Backup management	Manually, automatically via cloud	Manually, automatically via cloud
Local administration	Web user interface, SSH, console via serial connection, monitor + keyboard	Web user interface, SSH, console via serial connection, monitor + keyboard
External administration	Unified Security Console (USC)	Unified Security Console (USC)
CLI (Command Line Interface)	Console-based management - scripting and remote management possible	Console-based management - scripting and remote management possible
Responsive design: interface adapts to browser size	yes	yes
Customisable dashboards	yes	yes

	UTM licence	VPN licence
Languages	German, English	German, English
Clientless VPN	- Browser-based connection via RDP - VNC without additional plug-ins (HTML5)	- Browser-based connection via RDP - VNC without additional plug-ins (HTML5)
SSL VPN clients (OpenVPN)	Download of automatically preconfigured SSL VPN clients	Download of automatically preconfigured SSL VPN clients
Wake on LAN	yes	yes
Change password	yes	yes
Spam management	yes, incl. authorisation system	no
Captive Portal	yes, incl. user management	no

Monitoring, logging and reporting

	UTM licence	VPN licence
Log data	yes	yes
Anonymisation of log data with regard to GDPR	yes, switched on by default	yes, switched on by default
System/services/process status	yes	yes
Hardware status	yes	yes
Network status	yes	yes
Traffic status	yes	yes
VPN status	yes	yes
User authentication status	yes	yes
Live logging	yes	yes
Syslog	- Syslog protocol support - Integrated syslog server	- Syslog protocol support - Integrated syslog server
Syslog logging	Various syslog servers via UDP and TCP	Various syslog servers via UDP and TCP
Sensors	for RMM systems	for RMM systems
Unified Security Report (USR)	Prepared status reports as a separate service	yes
Acute status reports	by mail	no
Reports	yes	no
Anonymisation of reports	yes	no

	UTM licence	VPN licence
SNMPv1	yes	yes
SNMPv2c	yes	yes
SNMPv3	yes	yes
Monitoring of the system status	yes	yes
Application status monitoring	yes	yes
Monitoring of VPN connection (IPSec, OpenVPN)	yes	yes
Monitoring network utilisation	yes	yes
Mail queue monitoring	yes	no

	UTM licence	VPN licence
Unified Security Report	yes (optional depending on licence)	yes (optional depending on licence)
Visualisation of the security status of devices and services	yes	Not applicable
Traffic and security categories	yes	Not applicable
Current risk assessments of the individual services	yes	Not applicable
Devices, licences, users	yes	Not applicable
Performance report of the systems used	yes	Not applicable
Risk assessments including recommendations for action	yes	Not applicable

Network functions

	UTM licence	VPN licence
For models (Black Dwarf, Black Dwarf Pro, RC100, RC200)	yes	yes
Internet connection via optional LTE USB kit	Internet connection via optional LTE USB kit	Internet connection via optional LTE USB kit
Fallback via optional LTE USB kit	Fallback via optional LTE USB kit	Fallback via optional LTE USB kit

	UTM licence	VPN licence
Virtual WLANs (e.g. guest networks)	yes	yes
Authentication via WPA	yes	yes
Authentication via WPA2-Enterprise	yes	yes
Authentication via WPA2-Personal	yes	yes
Authentication via WPA3-Enterprise	yes	yes
Authentication via WPA3-Personal	yes	yes
Authentication via WPA3-OWE	yes	yes
WLAN (2,4 or 5 GHz, 802.11 n/ac)	yes	yes
WLAN monitoring	yes	yes
Encryption WPA2	yes	yes
Encryption WPA3	yes	yes
Channel search	automatically	automatically
Number of SSIDs	2	2

	UTM licence	VPN licence
PPPoE (e.g. for xDSL)	yes	yes
DHCP client (e.g. for cable modem)	yes	yes
Static IP configuration	yes	yes
Load balancing	yes	yes
Bandwidth management	yes	yes
Support for dynamic DNS services (free of charge for resellers via www.spdyn.de)	yes	yes
Optional LTE / UMTS 2G, 3G, 4G (via LTE USB kit)	yes	yes

	UTM licence	VPN licence
Prefix delegation for Ethernet and PPPoE	yes	yes
IPv6 DHCP	yes	yes
Router Advertisment	yes	yes
DHCP relay, also through VPN tunnel	yes	yes
Rules for DHCP automatically for the respective interfaces	yes	yes
Configuration for external tunnel broker	yes	yes

	UTM licence	VPN licence
Source routing	yes	yes
Destination routing	yes	yes
Policy based routing	yes	yes
Multipathrouting	ja, auch im Mischbetrieb (bis zu 15 Leitungen)	yes, also in mixed operation (up to 15 lines)
NAT (Static-/Hide-NAT)	yes	yes
Virtual IP addresses	yes	yes
BGP4/OSPF/RIP	yes	yes

	UTM licence	VPN licence
DHCP relay	yes	yes
DHCP client	yes	yes
DHCP server	Dynamic & fixed leases	Dynamic & fixed leases

	UTM licence	VPN licence
Port Forwarding	yes	yes
Port Address Translation (PAT)	yes	yes
Dedicated DMZ interfaces	yes	yes

	UTM licence	VPN licence
802.1q Ethernet Header Tagging	yes	yes
Can be combined with bridging	yes	yes

	UTM licence	VPN licence
Spanning Tree (Bridge-ID, Port-Cost)	yes	yes
Number of bridges	not limited in the software	not limited in the software
Number of interfaces per bridge	not limited in the software	not limited in the software

	UTM licence	VPN licence
Prioritise automatic QoS settings based on TOS/DSCP	yes	yes
QoS/Traffic Shaping	yes, also for VPN	yes, also for VPN
Up- & download stream traffic adjustable	yes	yes

	UTM licence	VPN licence
Active-Passive High Availability (HA)	yes	yes
Synchronisation of IP connections	yes	yes
Synchronisation of the configuration	yes	yes

	UTM licence	VPN licence
Forwarder	yes	yes
Relay zones	yes	yes
Primary/Secondary zones (domain and reverse)	yes	yes
DNSSEC	yes	yes
DNS Rebinding Prevention	yes	yes
mDNS Repeater	yes	yes

	UTM licence	VPN licence
IGMP proxy available	yes	yes

	UTM licence	VPN licence
LACP	yes	yes

Traffic filter function

	UTM licence	VPN licence
Time-controlled firewall rules	yes	yes
Connection tracking	yes	yes
Time-controlled Internet connection	yes	yes
Geo IP blocking	yes	yes
Packet filter (SPI) and proxy can be combined	yes	Proxy not available
Deep Packet Inspection (DPI)	yes	no
Content/web filter	yes	no
Time-controlled content/web filters	yes	no
Supported protocols	All IP-based protocols	All IP-based protocols
Predefined rules that apply to the entire system (implicit rules)	yes	yes

	UTM licence	VPN licence
Protection against DoS/DDoS attacks	yes	yes
DNS rebinding protection	yes	yes
Portscan protection	yes	yes
Invalid network packet protection	yes	yes
IP blocking in the event of incorrect logon to UTM services (FailToBan)	yes	yes
Threat Intelligence Filter - Cloud-based filter for blocking known threats	yes	yes
Logging of potentially dangerous connections	yes	yes

	UTM licence	VPN licence
Virus scanner available	yes	no
Scan of compressed data, archives (zip etc.) and attachments	yes	Not applicable
Automatic updates	yes	Not applicable
Availability	in the http/s proxy & mail filter modules	Not applicable

Mailsecurity

	UTM licence	VPN licence
Antispam available	yes	no
Configurable filter	yes	not applicable
Virus Outbreak Detection	yes	not applicable
Virus scanner	yes	not applicable
Allow/block lists	yes	not applicable
Regular Expressions	yes	not applicable
Filter on header fields in emails	yes	not applicable
Filter for file attachments	yes	not applicable
Filter for SPF/DKIM/DMARC results	yes	not applicable
Filter for HTTP links in emails	yes	not applicable
Filter on hashes of known emails	yes	not applicable
Filter for fake URLs	yes	not applicable
URL content filter (blocking of categories such as Danger, Hacking, Pornography etc.)	yes	not applicable
Quarantine	yes	not applicable
Quarantine with rescan functionality	yes	not applicable
Marking the subject of e-mails	yes	not applicable

	UTM licence	VPN licence
Supported protocols	SMTP/S	not applicable
Supported STARTTLS	yes	not applicable
Authentication	- Active Directory - LDAP - Local user database - Entra ID	not applicable
Check for SPF/DKIM/DMARC	yes	not applicable
Check for greeting pause, HELO and reverse DNS	yes	not applicable
Protection against recipient flooding""	yes	not applicable
Rate control	yes	not applicable
Greylisting with allowlists of e-mail addresses and domains	yes	not applicable
Allow-/Blocklists	yes	not applicable
E-mail address validation directly via SMTP protocol	yes	not applicable
Forcing TLS	yes	not applicable
DKIM Signing	yes	not applicable
Smarthost with authentication	yes	not applicable

	UTM licence	VPN licence
Supported protocols	- IMAP/S (external) - POP3/S (external) - SMTP/S (internal)	not applicable
Authentication	OAuth2 provider (e.g. for Google Workspace and Microsoft 365)	not applicable

	UTM licence	VPN licence
POP3 proxy available	yes/ transparent	no
Supported protocols	POP3 (internal), POP3/S (external)	not applicable

Web security

	UTM licence	VPN licence
HTTP proxy integrated	yes	no
Protocols	HTTP & HTTPS	not applicable
SNI support	yes	not applicable
Transparent mode	HTTP & HTTPS	not applicable
Authentication	- Active Directory (Kerberos, NTLM, Basic-Auth) - LDAP (Basic-Auth) - Local user database (Basic-Auth) - Radius	not applicable
URL filter	yes	not applicable
Web filter	yes	not applicable
Antivirus	yes	not applicable
Access control	Profile-based access control based on IP addresses or user groups	not applicable
Bandwidth limitation possible	yes	not applicable

	UTM licence	VPN licence
Content & web filter integrated	yes	no
Category-based website blocking with over 40 categories	yes	not applicable
Scan technology with online database	yes	not applicable
Filters	- URL filter with URL lists - Youth protection incl. BPjM filter - File-Extension/ MIME types filter - Allow/ block lists	not applicable
URL shortener	yes	not applicable
Advertising blocking	yes	not applicable
Force safesearch	yes, in combination with SSL interception	not applicable
Threat intelligence feed	yes	not applicable
Rules	- User- / group-specific rules - Time-controlled rules	not applicable

Further functions

	UTM licence	VPN licence
Authentication for all VPN protocols (incl. SSL VPN and HTTP proxy) and UTM filters	- Active Directory - LDAP - local user database - Entra ID	- Active Directory - LDAP - local user database - Entra ID
Authentication for SSL VPN and HTTP proxy	Radius	Radius

	UTM licence	VPN licence
Configuration	all settings of the UTM firewall	all settings of the UTM firewall
Local backup	yes	yes
Cloud backup	Automatic and time-based	Automatic and time-based
Encryption for cloud backup	yes	yes
Restore for cloud backup	Cloud backups can be restored and downloaded via the Unified Security Console (USC)	Cloud backups can be restored and downloaded via the Unified Security Console (USC)

	UTM licence	VPN licence
Integrated one-time password server for highly secure multi-factor authentication (MFA)	yes	yes
Procedure	TOTP	TOTP
Usable with	- Admin interface - User interface - SSL VPN - IPsec - SSH	- Admin interface - User interface - SSL VPN - IPsec - SSH

	UTM licence	VPN licence
Certificate revocation list (CRL)	yes	yes
Multi-CA support	yes	yes
Multi-host certificate support	yes	yes
Let's Encrypt/ ACME	integrated	integrated

	UTM licence	VPN licence
Support for	- Hyper-V® - VMware® (from version 4.1) - KVM	no

	UTM licence	VPN licence
Reverse proxy integrated	yes	no
Usable for	HTTP & HTTPS	not applicable
Authentication	Certificate-based	not applicable
Loadbalancing	Load balancing on internal servers	not applicable
Bandwidth management	yes	not applicable
Filters	Various filter options	not applicable
Certificate renewal	Automatically through Let's Encrypt/ ACME	not applicable

	UTM licence	VPN licence
Captive portal integrated	yes	no
HTTPS certificate	changeable	not applicable
Specification of terms of use	yes	not applicable
Dynamic rules (packet filter)	yes, for registered users	not applicable
Optional user login	yes, with user name and password	not applicable
Delegating the user administration	yes, to the user interface	not applicable
Design of the captive portal	Customisable	not applicable
Multilingual captive portal	yes	not applicable

VPN functions

	UTM licence	VPN licence
Site-to-site (network coupling)	yes	yes
End-to-Site/Roadwarrior (connection of individual devices)	yes	yes
IKE procedure	IKEv2 and IKEv1	IKEv2 and IKEv1
Encryption	We support current methods	We support current methods
Hash functions	We support current methods	We support current methods
Key exchange protocols	Diffie-Hellman (current groups), Eliptic Curve	Diffie-Hellman (current groups), Eliptic Curve
Authentication	- Preshared Keys (PSK) - X.509 certificates - RSA-Keys - MS-CHAPv2 - EAP-TLS	- Preshared Keys (PSK) - X.509 certificates - RSA-Keys - MS-CHAPv2 - EAP-TLS
User authentication	- Active Directory - LDAP - Local user database - Entra ID	- Active Directory - LDAP - Local user database - Entra ID
Dead Peer Detection (DPD)	yes	yes
NAT-T (MOBIKE configurable)	yes	yes
Data compression	yes	yes
Perfect Forward Secrecy (PFS)	yes	yes
Mode	Route- und Policy-Mode VPN	Route- und Policy-Mode VPN

	UTM licence	VPN licence
Site-to-site (network coupling)	yes	yes
End-to-Site/Roadwarrior (connection of individual devices)	yes	yes
Authentication	- Active Directory - LDAP - local user database - Entra ID - Radius	- Active Directory - LDAP - local user database - Entra ID - Radius
Encryption	We support current methods	We support current methods
Hash functions	We support current methods	We support current methods
Mode	Routing mode VPN	Routing mode VPN
X.509 certificates	yes	yes
TCP/UDP and ports	changeable	changeable
Data compression	yes	yes
TLS Crypt	yes	yes
Export of configurations	possible with end-to-site	possible with end-to-site
Securepoint SSL VPN Clients	- iOS / iPadOS - Android - Windows	- iOS / iPadOS - Android - Windows

	UTM licence	VPN licence
Site-to-site (network coupling)	yes	yes
End-to-Site/Roadwarrior (connection of individual devices)	yes	yes
Key exchange	Curve25519 (ECDHE)	Curve25519 (ECDHE)
Encryption of user data	ChaCha20 & Poly1305	ChaCha20 & Poly1305
Hash function	BLAKE2s	BLAKE2s
Authentication	- x25519 key - PSK	- x25519 key - PSK
Mode	Routing mode VPN	Routing mode VPN
UDP Port	selectable at will	selectable at will

	UTM licence	VPN licence
Self-service for configuration file	yes (user interface)	yes (user interface)
Admin rights required to establish the connection	no	no

	UTM licence	VPN licence
Connection	RDP / VNC over https	RDP / VNC over https
Plugin necessary?	No, HTML5 based	No, HTML5 based
Authentication	- Active Directory - LDAP - lokale User-Datenbank - Entra ID - Radius	- Active Directory - LDAP - lokale User-Datenbank - Entra ID - Radius
Encryption	SSL encryption	SSL encryption
Access via	User interface	User interface

Note:

Not every feature can be combined with every other feature.
The list of features is based on version 12.6.2 as of 12.03.2024. We reserve the right to make changes at any time, but in particular for security reasons without prior notice.
We support current procedures (TLS / encryption)

Videos zu unseren Firewall Funktionen

By submitting, you agree explicitly that data will be transmitted to Vimeo

Activate once Activate permanently

By submitting, you agree explicitly that data will be transmitted to Vimeo

Activate once Activate permanently

By submitting, you agree explicitly that data will be transmitted to Vimeo

Activate once Activate permanently

By submitting, you agree explicitly that data will be transmitted to Vimeo

Activate once Activate permanently

By submitting, you agree explicitly that data will be transmitted to Vimeo

Activate once Activate permanently

By submitting, you agree explicitly that data will be transmitted to Vimeo

Activate once Activate permanently

By submitting, you agree explicitly that data will be transmitted to Vimeo

Activate once Activate permanently

By submitting, you agree explicitly that data will be transmitted to Vimeo

Activate once Activate permanently

By submitting, you agree explicitly that data will be transmitted to Vimeo

Activate once Activate permanently

By submitting, you agree explicitly that data will be transmitted to Vimeo

Activate once Activate permanently

Our solutions for your company

Three different UTM firewalls in one server cabinet

UTM Firewalls

The basis of network security

High-end content filter
Double virus filter
Anti-spam functions

All firewall-models

Controller against computer virus is turned to Delete

Antivirus PRO

The antivirus for businesses

High-performance scan engine
Fast and unobtrusive
Central management

antivirus for businesses

Securepoint Mobile Security

MDM and firewall to Go

Security for smartphone and tablet
Full mobile device management
Encrypted connections

Protection for smartphone + tablet

Manage mobile devices centrally

With Mobile Device Management

Control over apps and rights
For Apple and Android
Bring your own device (BYOD)

View through an open safe door onto lockers

Reliable data backup

With Unified Backup

The last protection against ransomware
Reliable, fast, up-to-date
Server in Germany

Man and woman in an office in front of a computer

Cyber-Awareness-Training

With Awareness PLUS

Makes employees a "human firewall
Regular IT security training
Measurable learning success

Awareness PLUS Cybersecurity-Training