Securepoint RC 100 Operating and safety instructions
Securepoint 10
Securepoint
Product Overview Securepoint 10
Securepoint
Security Solutions 2
Product Overview
This manual applies to the following products:
VPN-Product
Terra VPN-Gateway
The Terra VPN-Gateway has less functions than the Securepoint UTM products.
These limitations affect the functions of the applications proxies, virus scanner, spam filter
and content filter.
If you purchase the Terra VPN-Gateway, you can easily upgrade to the Securepoint UTM
product with a registration key. At this yearly update costs are incurred. For further informa-
tion contact our sales department: vertrieb@securepoint.de
UTM Products
Terra UTM-Gateway
Piranja
RC100
RC200
RC300
RC310
RC400
RC410
Securepoint 10 for Modular Server
Securepoint 10 for VMware
All Securepoint UTM products have the full UTM function volume.
Securepoint 10
Securepoint
Security Solutions 3
Content
Product Overview .............................................................................................................. 2
VPN-Product.................................................................................................................. 2
UTM Products................................................................................................................ 2
1Introduction................................................................................................................11
Part 1 The Administration Interface ......................................................................... 12
2The Appliances..........................................................................................................13
3Positioning the Appliance...........................................................................................14
3.1 Piranja and RC 100 ............................................................................................14
3.2 RC 200...............................................................................................................15
3.3 RC 300...............................................................................................................15
3.4 RC 400...............................................................................................................16
4Administration Interface.............................................................................................17
4.1 Connecting the Appliance...................................................................................17
4.2 System Requirements for Client Computer.........................................................18
5Securepoint Cockpit...................................................................................................18
5.1 Navigation Bar....................................................................................................19
5.2 License...............................................................................................................19
5.3 System ...............................................................................................................20
5.4 Service Status ....................................................................................................21
5.5 Appliance............................................................................................................23
5.6 Interfaces............................................................................................................23
5.7 IPSec..................................................................................................................24
5.8 Downloads..........................................................................................................24
5.9 Spuva User.........................................................................................................24
5.10 SSH User............................................................................................................25
5.11 Web Interface User.............................................................................................25
5.12 DHCP Lease.......................................................................................................25
5.13 Interface Traffic...................................................................................................26
Securepoint 10
Securepoint
Security Solutions 4
5.13.1 Traffic Settings.............................................................................................26
5.13.2 Traffic Details und Traffic Zoom...................................................................27
5.14 Show Help..........................................................................................................28
5.15 Administrator IP..................................................................................................28
5.16 Refresh...............................................................................................................28
6Menu Configuration ...................................................................................................29
6.1 Configuration Management.................................................................................30
6.1.1 Save Configuration......................................................................................31
6.1.2 Import configuration.....................................................................................32
6.2 Reboot System...................................................................................................32
6.3 Halt System........................................................................................................32
6.4 Factory Defaults..................................................................................................32
6.5 Logout ................................................................................................................32
7Menu Network............................................................................................................33
7.1 Server Properties................................................................................................34
7.1.1 Server Settings............................................................................................34
7.1.2 Administration..............................................................................................35
7.1.3 Syslog..........................................................................................................36
7.1.4 SNMP..........................................................................................................37
7.1.5 Monitor Agent (AmdoSoft v4 Agent) ............................................................38
7.1.6 Cluster Settings...........................................................................................39
7.2 Network Configuration ........................................................................................40
7.2.1 Interfaces.....................................................................................................40
7.2.1.1 Add eth Interface......................................................................................42
7.2.1.2 Add VLAN Interface.................................................................................43
7.2.1.3 Add PPTP interface .................................................................................45
7.2.1.4 Add PPPoE Interface...............................................................................46
7.2.1.5 VDSL Interface hinzufügen ......................................................................47
7.2.1.6 Add Cluster Interface...............................................................................48
7.2.1.7 Edit or Delete an Interface .......................................................................50
7.2.2 Routing........................................................................................................50
7.2.2.1 Edit or Delete Routes...............................................................................51
7.2.2.2 Add Default Route....................................................................................51
Securepoint 10
Securepoint
Security Solutions 5
7.2.2.3 Add Route................................................................................................52
7.2.3 DSL Provider...............................................................................................53
7.2.3.1 Edit or Delete DSL Provider.....................................................................53
7.2.3.2 DSL Provider create.................................................................................54
7.2.4 DynDNS ......................................................................................................55
7.2.4.1 Create or Edit a DynDNS Entry................................................................56
7.2.4.2 Delete a DynDNS Entry ...........................................................................56
7.2.5 DHCP..........................................................................................................57
7.2.6 DHCP Relay................................................................................................58
7.3 Zones .................................................................................................................59
7.4 Network Tools.....................................................................................................60
7.4.1 Lookup.........................................................................................................60
7.4.2 Ping.............................................................................................................61
7.4.3 Routing Table..............................................................................................62
8Menu Firewall ............................................................................................................63
8.1 Portfilter..............................................................................................................64
8.1.1 Create Rule .................................................................................................67
8.1.1.1 Infobox Function ......................................................................................68
8.1.1.2 Tab Time..................................................................................................69
8.1.1.3 Tab Description........................................................................................69
8.1.2 Create Rule Group.......................................................................................70
8.1.3 Organize Rules and Groups ........................................................................71
8.2 Hide NAT............................................................................................................72
8.3 Port Forwarding..................................................................................................74
8.3.1 Port Forwarding...........................................................................................75
8.3.2 Port Translation...........................................................................................76
8.4 Services..............................................................................................................77
8.4.1 Delete and Edit Services..............................................................................77
8.4.2 Services Information....................................................................................78
8.4.3 Add service..................................................................................................79
8.5 Service Groups...................................................................................................80
8.5.1 Edit Existing Service Groups .......................................................................81
8.5.2 Create New Service Group..........................................................................82
8.6 Network Objects .................................................................................................83
Securepoint 10
Securepoint
Security Solutions 6
8.6.1 Network Object Information .........................................................................84
8.6.2 Add Host/Net...............................................................................................85
8.6.3 Add VPN Host/Net.......................................................................................86
8.6.4 Add User .....................................................................................................86
8.6.5 Add Interface...............................................................................................87
8.7 Network Groups..................................................................................................88
8.7.1 Network Object Information .........................................................................89
8.7.2 Network Group Information..........................................................................89
9Menu Applications .....................................................................................................90
9.1 HTTP Proxy........................................................................................................91
9.1.1 General........................................................................................................91
9.1.2 Virus scanning.............................................................................................93
9.1.3 URL Filter ....................................................................................................94
9.1.4 Block Extensions .........................................................................................96
9.1.5 Block Applications........................................................................................97
9.1.6 Content Filter...............................................................................................98
9.1.6.1 Blacklist Categories .................................................................................98
9.1.6.2 Whitelist...................................................................................................99
9.1.6.2.1 User ..................................................................................................99
9.1.6.2.2 IP Addresses...................................................................................100
9.1.6.2.3 Websites .........................................................................................101
9.1.7 Bandwidth..................................................................................................102
9.2 POP3 Proxy......................................................................................................103
9.3 Mail Relay.........................................................................................................104
9.3.1 General......................................................................................................105
9.3.2 Relaying ....................................................................................................106
9.3.3 Mail Routing...............................................................................................108
9.3.4 Greylisting .................................................................................................110
9.3.4.1 Whitelist IP address / Net.......................................................................111
9.3.4.2 Whiteliste Domains................................................................................112
9.3.4.3 Whitelist E-mail Recipients.....................................................................113
9.3.4.4 Whitelist E-mail Sender..........................................................................113
9.3.5 Domain Mapping .......................................................................................114
9.3.6 Advanced ..................................................................................................115
9.3.6.1 Greeting Pause......................................................................................116
Securepoint 10
Securepoint
Security Solutions 7
9.3.6.2 Recipient flooding ..................................................................................116
9.3.6.3 Limit max number of recipients ..............................................................116
9.3.6.4 Limit connections...................................................................................116
9.3.6.5 Rate Control...........................................................................................116
9.4 Spam Filter Properties......................................................................................117
9.4.1 General......................................................................................................117
9.4.2 Attachment Filter .......................................................................................119
9.4.3 Virusscan...................................................................................................121
9.4.4 SMTP Settings...........................................................................................122
9.4.5 SMTP Advanced........................................................................................123
9.4.6 POP3 Settings...........................................................................................124
9.5 VNC Repeater ..................................................................................................125
9.5.1 General......................................................................................................125
9.5.2 VNC Server ID...........................................................................................126
9.5.3 VNC Server IP...........................................................................................126
9.6 VoIP Proxy........................................................................................................127
9.6.1 General......................................................................................................127
9.6.2 Provider.....................................................................................................128
9.7 IDS ...................................................................................................................129
9.8 Nameserver......................................................................................................130
9.9 Service Status ..................................................................................................131
10 Menu VPN............................................................................................................132
10.1 IPSec Wizard....................................................................................................133
10.1.1 Site-to Site.................................................................................................133
10.1.2 Site-to-End (Roadwarrior)..........................................................................136
10.1.2.1 native IPSec.........................................................................................137
10.1.2.1.1 IKEv1.............................................................................................138
10.1.2.1.2 IKEv2.............................................................................................139
10.1.2.2 L2TP....................................................................................................140
10.2 IPSec Globals...................................................................................................142
10.2.1 General Settings........................................................................................142
10.2.2 IKE V2.......................................................................................................143
10.3 IPSec................................................................................................................144
10.3.1 Edit Connection.........................................................................................144
Securepoint 10
Securepoint
Security Solutions 8
10.3.1.1 Phase 1................................................................................................144
10.3.1.2 Phase 2................................................................................................146
10.4 L2TP.................................................................................................................147
10.5 PPTP................................................................................................................149
10.6 SSL VPN ..........................................................................................................151
11 Menu Authentication.............................................................................................152
11.1 Users................................................................................................................153
11.1.1 Add User Tab General...............................................................................154
11.1.2 Add User Tab VPN....................................................................................155
11.1.3 Add User Tab VPN Client..........................................................................156
11.1.4 Add User Tab Spam Filter .........................................................................157
11.1.5 Add User Tab Extras .................................................................................158
11.1.6 Add User Tab WoL....................................................................................159
11.2 External Authentication.....................................................................................160
11.2.1 Radius.......................................................................................................160
11.2.2 LDAP Server..............................................................................................161
11.2.3 Kerberos....................................................................................................162
11.3 Certificates........................................................................................................163
11.3.1 Create CA..................................................................................................164
11.3.2 Create Certificates.....................................................................................165
11.3.3 Import CA and Certificate...........................................................................166
11.3.4 Export CA and Certificate ..........................................................................166
11.3.5 Download SSL-VPN Client ........................................................................167
11.3.6 Delete CA and Certificate ..........................................................................168
11.3.7 Tab CRLs..................................................................................................169
12 Menu Extras.........................................................................................................170
12.1 CLI....................................................................................................................171
12.1.1 CLI Log......................................................................................................171
12.1.2 CLI Send Command..................................................................................172
12.2 Updates............................................................................................................173
12.2.1 Update the Firewall....................................................................................173
12.2.2 Update Virus Pattern Database .................................................................174
12.3 Changelog........................................................................................................174
Securepoint 10
Securepoint
Security Solutions 9
12.4 Registration ......................................................................................................175
12.5 Manage Cockpit................................................................................................176
12.6 Advanced Settings............................................................................................177
12.6.1 Buttons......................................................................................................177
12.6.2 IPSec.........................................................................................................178
12.6.3 Portfilter.....................................................................................................179
12.6.4 Dialup........................................................................................................180
12.6.5 Templates..................................................................................................181
12.6.6 Variables ...................................................................................................182
12.6.7 Webserver.................................................................................................183
12.7 Refresh All........................................................................................................184
12.8 Refresh Cockpit................................................................................................184
13 Menu Live Log......................................................................................................185
13.1 Start Live Log ...................................................................................................186
13.2 Search function.................................................................................................186
13.3 Tab Settings .....................................................................................................187
13.4 Details of a Log Message .................................................................................188
13.5 Raw Data..........................................................................................................189
13.6 Colored Labeling of the Service in the Live Log................................................190
Part 2 User Interface.............................................................................................. 191
14 Login User Interface.............................................................................................192
14.1 The User Interface Sections..............................................................................193
14.2 Change Password ............................................................................................194
14.3 Download SSL-VPN Client ...............................................................................195
14.4 Spamfilter .........................................................................................................196
14.4.1 Overview over the spam filter interface......................................................196
14.4.2 Columns of the Table.................................................................................198
14.4.3 Details of an E-mail....................................................................................199
14.4.4 Action on the Tab Ham..............................................................................200
14.4.5 Action on the Tab Spam ............................................................................201
14.4.6 Actions on the Tab Trash...........................................................................202
14.4.7 Tab Statistic...............................................................................................203
Securepoint 10
Securepoint
Security Solutions 10
14.4.7.1 Filter.....................................................................................................203
14.4.7.2 Tab General.........................................................................................204
14.4.7.3 Tab Virus .............................................................................................204
14.4.7.4 Tab Top Level Domain.........................................................................205
14.5 SPUVA Login....................................................................................................206
14.6 Wake on LAN ...................................................................................................207
14.7 Download Section.............................................................................................208
15 Zone Concept of the Securepoint Firewall............................................................209
1 Introduction Securepoint 10
Securepoint
Security Solutions 11
1 Introduction
The internet is an ubiquitous information and communication medium in our time. Often
the computer or the network is permanent connected to the internet, because a lot of
businesses are executed online.
It is mostly disregarded that the internet must be seen as a security risk. This is especial-
ly critical, if confidential data are stored on the systems. The security of these data can-
not be guaranteed. The information could be spied out or may be irrevocable lost by a
computer virus.
Software firewalls, which are installed on the computer, don’t meet requirements, be-
cause the dangerous programs are already in the net.
A system is demanded, which is positioned between the internet and the local network,
to guard the network against destructive programs and to control the communication with
the internet.
The Securepoint Unified Threat Management (UTM) offers a complete solution with
comprehensive safety measures in respect of network-, web- and e-mail security. The
appliance offers firewall-, IDS- and VPN-functionality, proxies, automatic virus scanning,
web content- and spam-filtering, clustering, high availability und multipath routing func-
tionality. It provides several authentication methods and encrypted access to the net-
work.
The combination of these functions in one system minimizes the administrative and inte-
grative complexity in contrast to individual solutions.
The appliance is administrated with a clearly structured web-interface.
The Securepoint UTM solution is available as a pure software version or as sundry ap-
pliances which are especially adapted to the requests. The solutions vary from home
office and small office networks to great company networks with several hundred com-
puters.
Securepoint 10
Securepoint
Security Solutions 12
Part 1
The Administration Interface
2 The Appliances Securepoint 10
Securepoint
Security Solutions 13
2 The Appliances
The firewall software is installed on hardware, which is especially designed for the purpose of
network protection. The portfolio of Securepoint contains 7 appliances. The appliances are
adapted to different network quantities and consequently the processing speed, the memory
capacity, the disk space, the throughput rate and the numbers of interfaces of the machines
vary.
machine
image
user
FW throughput
VPN-throughput
Piranja
up to 5
100 Mbit/s
70 Mbit/s
RC 100
10 to 25
100 Mbit/s
100 Mbit/s
RC 200
25 to 50
400 Mbit/s
260 Mbit/s
RC 300
50 to 100
1000 Mbit/s
700 Mbit/s
RC 310
50 to 100
1000 Mbit/s
1000 Mbit/s
RC 400
100 to 500
1000 Mbit/s
1000 Mbit/s
RC 410
100 to 500
1000 Mbit/s
1000 Mbit/s
machine
CPU
RAM
HDD
interfaces
USB ports
Piranja
VIA C3 / Eden 533
MHz
1 GB
Compact Flash
512 MB
3 x 10/100
Ethernet ports
1
RC 100
VIA C7 1 GHz
1 GB
80 GB
3 x 10/100
Ethernet ports
1
RC 200
Intel M 1,0 GHz
1 GB
80 GB
4 x 10/100/1000
Ethernet ports
5
RC 300
Intel Core2 Duo
E4500 2 x 2,2 GHz
1 GB
80 GB
6 x 10/1000
Ethernet ports
4
RC 310
Pentium D
2 x 3,4 GHz
1 GB
2 x 80 GB
6 x 10/1000
Ethernet pPorts
4
RC 400
Xeon 5335
1,8 GHz
2 GB
2 x 73 GB
10 x 10/1000
Ethernet ports
4
RC 410
Xeon 1,8 GHz
2 GB
2 x 73 GB
10 x 10/1000
Ethernet ports
4
3 Positioning the Appliance Securepoint 10
Securepoint
Security Solutions 14
3 Positioning the Appliance
In the network assembling the appliance is positioned behind the modem. If a network is
actuated behind the appliance, a switch or hub must be set between the UTM and the
network. If you only use one computer, you can conduct it directly to the appliance.
Modem Securepoint
Appliance Switch
Computer n
Computer 1
Computer 2
Internet
fig. 1 position of the appliance in the network
3.1 Piranja and RC 100
The Piranja and the RC 100 appliances have 3 Ethernet ports (LAN 1 to LAN 3), one serial
interface (D-Sub) and two USB ports.
The three network ports are destined for different nets. The interface eth0 is reached through
LAN 1and is designated for the external network (internet). LAN 2 represents the second
interface eth1 and is designated for the internal network. The port LAN 3 uses the interface
eth2 and is destined for a demilitarized zone (DMZ). It can also be used for a second internal
network or a second external connection.
fig. 2 rear view of the Piranja respectively of the RC 100
port
interface
net
LAN 1
eth0
external (internet)
LAN 2
eth1
internal
LAN 3
eth2
DMZ
3 Positioning the Appliance Securepoint 10
Securepoint
Security Solutions 15
3.2 RC 200
The RC 200 has 4 LAN ports. The assignments of the first three ports are identical to the
previous it described ones. The port LAN 4 is bounded to the interface eth3 und is for free
disposal. You could connect another internal net, another DMZ or a second internet connec-
tion to this port.
fig. 3 rear view of the Piranja respectively of the RC 100
port
interface
net
LAN 1
eth0
external (internet)
LAN 2
eth1
internal
LAN 3
eth2
DMZ
LAN 4
eth3
free disposal
3.3 RC 300
The RC 300 has 6 LAN ports. Contrary to smaller dimensioned appliances the ports are
numbered serially from right to left. The ports at the machine are not labeled. Take the attri-
bution from the figure.
fig. 4 front view of the RC 300 (schematic)
port
interface
net
LAN 1
eth0
external (internet)
LAN 2
eth1
internal
LAN 3
eth2
DMZ
LAN 4
eth3
free disposal
LAN 5
eth4
free disposal
LAN 6
eth5
free disposal
3 Positioning the Appliance Securepoint 10
Securepoint
Security Solutions 16
3.4 RC 400
This Appliance has 8 LAN ports. The sockets are arragned in two blocks of 4 connectors.
The ports are numbered top down and from left to right. LAN 1 and LAN 3 are destined for
the predefined networks. The ports in the machine are not labeled. Take the attribution from
the figure.
fig. 5 front view of the RC 400 (schematic)
port
interface
net
LAN 1
eth0
external (internet)
LAN 2
eth1
internal
LAN 3
eth2
DMZ
LAN 4
eth3
free disposale
LAN 5
eth4
free disposale
LAN 6
eth5
free disposale
LAN 7
eth6
free disposale
LAN 8
eth7
free disposale
LAN 1 LAN 3
LAN 2 LAN 4 LAN 6 LAN 8
LAN 5 LAN 7
4 Administration Interface Securepoint 10
Securepoint
Security Solutions 17
4 Administration Interface
4.1 Connecting the Appliance
You access the appliance with your browser on the IP address of the internal interface on the
port 11115 using the https (SSL) protocol.
The factory setting for the internal IP address is 192.168.175.1. The port 11115 cannot be
changed. It is reserved for the administration.
User name and password are set to the following by default.
User name: admin
Password: insecure
Start your internet browser and insert the following value into the address field:
https://192.168.175.1:11115/
If you have changed the IP address at the installation, replace the IP address
192.168.175.1 with the new one.
The dialog LOGIN appears.
fig. 6 Login dialog
At the field Username insert admin.
At the field Password insert insecure or the new password, if you change it during
the installation process.
After this click Login.
You will be logged on to the system and the start screen appears.
Note: Change your password as quickly as possible. Use the navigation bar icon Au-
thentication, item Users.
Use upper- and lowercase characters, numerals and special characters. Your
password should be eight characters long.
5 Securepoint Cockpit Securepoint 10
Securepoint
Security Solutions 18
4.2 System Requirements for Client Computer
Operating system: MS Windows XP and higher or Linux
Processor: Pentium 4 with 1.8 GHz and higher or according
Memory: 512 MB or more
Browser: preferably MS Internet Explorer 7 and Mozilla Firefox 3
5 Securepoint Cockpit
The first screen shown after login to the trusted area displays an overview of the hardware
and services status. Besides it contains the navigation bar, information of the license, active
connections and available downloads.
This view is always open. All further configuration options and settings will be conducted in
popup windows. After editing the settings, the popup windows will be closed and the cockpit
in the background will be activated again.
The lists in the cockpit can be closed to managie the display for your needs.
fig. 7 cockpit overview
5 Securepoint Cockpit Securepoint 10
Securepoint
Security Solutions 19
5.1 Navigation Bar
The navigation bar guides you to the different configuration categories. These catego-
ries are: configuration, network, firewall, applications, VPN, authentication, ex-
tras, live log
Moving the mouse over the entry opens the respective dropdown menu.
fig. 8 navigation bar of the cockpit
5.2 License
In this area you have an overlook of the firewall software, updates and license.
name
description
Firewall Type
Name of the firewall software
Version
Version of the firewall software
Licensed to
Name, and if applicable, company of the license owner.
License valid till
Validation of the license
The date is given in US American format: MM/DD/YYYY
Last Virus Pattern update
Time of the last virus pattern update.
fig. 9 licence area
5 Securepoint Cockpit Securepoint 10
Securepoint
Security Solutions 20
5.3 System
In this area the current system utilization and the number of active TCP / UDP connections
are shown.
name
description
CPU
Utilization of the processor
Type
Type of processor
RAM
Utilization of the memory
graphical and in percentage
SWAP
Utilization of the swap file
graphical and in percentage
Uptime
How long the system is running since the last reboot.
Current TCP Connections
Number of current TCP connections
Current UDP Connections
Number of current UDP connections
Start Configuration
Name of the start configuration
Running Configuration
Name of the running configuration
fig. 10 system status
This manual suits for next models
5
Table of contents
Popular Firewall manuals by other brands
Fortinet
Fortinet FortiGate FortiGate-100A install guide
Fortinet
Fortinet FortiGate-51B-LENC quick start guide
Barracuda
Barracuda CloudGen F400 C Standard Model quick start guide
Juniper
Juniper JATP700 How to set up
Fortinet
Fortinet FortiManager 400C quick start guide
D-Link
D-Link NetDefend DFL-260E Quick installation guide
