utnserver Pro
utnserver Control Center
Online help
Version 1.2
NETWORK – IPv4 | |
---|---|
Element | Description |
DHCP | Enables/disables the DHCP protocol. The utnserver receives its IPv4 configuration automatically via the protocol. |
ARP/PING | Enables/disables the IP address assignment via ARP/PING. You can use the commands ARP and PING to change an IP address which was assigned via Zeroconf during the initial setup. |
IP address | IP address of the utnserver |
Prefix length | The IP address and the prefix length define the network mask of the utnserver. |
Router | Router address of the utnserver |
NETWORK – IPv6 | |
---|---|
Element | Description |
IPv6 | Enables/disables the IPv6 feature. |
Automatic configuration | Enables/disables the automatic assignment of the IPv6 address for the utnserver. |
IPv6 address | Defines a utnserver IPv6 unicast address assigned manually in the format n:n:n:n:n:n:n:n. Every 'n' represents the hexadecimal value of one of the eight 16-bit elements of the address. |
Router | Defines the IPv6 unicast address of the router. The utnserver sends its 'Router Solicitations' (RS) to this router. |
Prefix length | Defines the length of the subnet prefix for the IPv6 address. The value 64 is preset. Address ranges are specified by prefixes. The prefix length (number of bits used) is added to the IPv6 address and specified as a decimal number. The decimal number is separated by '/'. |
NETWORK – IP-VLAN | |
---|---|
Element | Description |
IP management VLAN | Enables/disables the forwarding of IP management VLAN data. If this option is enabled, SNMP is only available in the IP management VLAN. |
Management VLAN selection menu | Sets the management VLAN in the network. |
IP management VLAN – TCP access via LAN (untagged) | Enables/disables the web access (utnserver Control Center) to the utnserver via IP packets without tag. If this option is disabled, the utnserver can only be administrated via VLANs. Note: SNMP works exclusively via LAN and the VLAN specified in the selection menu. |
NETWORK – DNS | |
---|---|
Element | Description |
DNS | Enables/disables the name resolution via a DNS server. DNS allows for the mutual assignment of names and addresses. |
Primary DNS server | Defines the IP address of the primary DNS server. |
Secondary DNS server | Defines the IP address of the secondary DNS server. The secondary DNS server is used if the primary DNS server is not available. |
Domain name (suffix) | Defines the domain name of an existing DNS server. |
Preferred address type | Specifies which address type is used after the IP address is returned from the DNS server. (This option is only relevant if IPv4 and IPv6 are enabled.) |
NETWORK – Email | |
---|---|
Element | Description |
POP3 | Enables/disables the POP3 feature. |
POP3 – Server address | Defines the POP3 server via its IP address or host name. (A host name can only be used if a DNS server was configured beforehand.) |
POP3 – Server port | Defines the port used by the utnserver for receiving emails. The port number 110 is preset. When using SSL/TLS, enter 995 as port number. |
POP3 – Security | Defines the authentication method to be used (APOP/SSL/TLS). When using SSL/TLS, the cipher strength is defined via the encryption level. |
POP3 – Check mail every | Defines the time interval (in minutes) for retrieving emails from the POP3 server. |
POP3 – Ignore mail exceeding | Defines the maximum email size (in Kbyte) to be accepted by the utnserver. (0 = unlimited) |
POP3 – User name | Defines the user name used by the utnserver to log on to the POP3 server. |
POP3 – Password | Defines the password used by the utnserver to log on to the POP3 server. |
SMTP – Server address | Defines the SMTP server via its IP address or host name. (A host name can only be used if a DNS server was configured beforehand.) |
SMTP – Server port | Defines the port number used by the utnserver to send emails to the SMTP server. The port number 25 is preset. |
SMTP – SSL/TLS | Enables/disables the SSL/TLS encryption for the communication between utnserver and SMTP server. The encryption strength is defined via the encryption protocol and level. |
SMTP – Sender name | Defines the email address used by the utnserver to send emails. (Very often the name of the sender and the user name are identical.) |
SMTP – Login | Enables/disables the SMTP authentication for the login. |
SMTP – User name | Defines the user name used by the utnserver to log on to the SMTP server. |
SMTP – Password | Defines the password used by the utnserver to log on to the SMTP server. |
SMTP – Security (S/MIME) | Enables/disables the signing of emails with S/MIME. A signature created by the sender allows the recipient to verify the identity of the sender and to make sure that the email was not modified. An S/MIME certificate is required for all security features. |
SMTP – Attach public key | Sends the public key together with the email. Many email clients require the public key to be attached in order to view the emails. |
SMTP – Encryption | Defines the encryption of emails. Only the recipient can open and read the encrypted email. |
NETWORK – Bonjour | |
---|---|
Element | Description |
Bonjour | Enables/disables the Bonjour feature. Bonjour is a technology which automatically finds computers, devices and different network services in IP networks. |
Bonjour name | Defines the Bonjour name of the utnserver. The utnserver uses this name for its Bonjour services. If no Bonjour name is entered, the default name will be used (device name@ICxxxxxx). |
DEVICE – Description | |
---|---|
Element | Description |
Host name | Defines the host name of the utnserver. |
Description | Freely definable description |
Contact person | Freely definable description |
DEVICE – Date/Time | |
---|---|
Element | Description |
Time zone | Adapts the device time (which is either set via the device clock or received via a time server) to your local standard time including country-specific particularities such as summer time. |
Time server | Enables/disables the use of a time server (SNTP). A time server synchronizes the time of devices within a network, so that all devices have a correct time setting and can use time-dependent network mechanisms such as authentication. |
Server address | Defines a time server via its IP address or host name. (A host name can only be used if a DNS server was configured beforehand.) |
DEVICE – UTN Port | |
---|---|
Element | Description |
UTN port | Defines the number of the UTN port for unencrypted connections. Client and utnserver communicate via the UTN port. The port number 9200 is preset. Note: The UTN port must not be blocked by security software (firewall). |
Encrypted UTN port | Defines the number of the UTN port for encrypted connections. The encrypted UTN port is used for SSL/TLS encrypted connections between the client and utnserver. The port number 9443 is preset. Note: The encrypted UTN port must not be blocked by security software (firewall). |
DEVICE – Notification | |
---|---|
Element | Description |
Note: You must configure POP3 and SMTP to use the notification service. | |
Email – Email address | Defines the email address of the recipient to which the emails will be sent. |
Status email – Recipient | Enables/disables the periodical sending of a status email to recipient 1 or 2. |
Status email – Interval | Specifies the interval at which a status email is sent. |
Email subject | Defines the email subject line text for notification and status emails. |
SNMP traps | Note: SNMP traps can only be used if SNMP was configured beforehand. |
SNMP traps – Address | Defines the SNMP trap address of the recipient. |
SNMP traps – Community | Defines the SNMP trap community of the recipient. |
SNMP traps – SNMP version | Defines the SNMP protocol for the sending of SNMP traps. |
DEVICE – Relay | |
---|---|
Element | Description |
Clear all Events/Reset Relay | Clears all events and resets the relay |
Relay activation - user-defined | Manually switches the relay to the desired position (open or closed). The relay remains in the selected position. |
Relay activation - event-related | The relay switches from the open to the closed position as soon as one of the selected events occurs. After that, the relay does not switch back automatically. To do this, the event must first be manually deleted and the relay has to be reset. |
Relay activation - status-related | By default, the relay is in open position. As soon as one chosen device status occurs, the relay switches to closed position. As soon as the status changes back, the relay automatically returns to open position. |
Fixed position - open | Manually switches the relay to the open position and the relay activation to user-defined. |
Fixed position - closed | Manually switches the relay to the closed position and the relay activation to user-defined. |
SECURITY – SSL/TLS | |
---|---|
Element | Description |
Encryption protocol | Defines the encryption protocol to be used for SSL/TLS connections. Which protocols can be chosen depends on the product and its software version. With 'any', the protocol is automatically negotiated by both communicating parties. |
Encryption level | Defines the encryption level to be used for all SSL/TLS connections. - Any (The encryption is automatically negotiated by both communicating parties. The strongest encryption supported by both parties will always be chosen.) - Low (weak encryption) - Medium - High (strong encryption) |
Detailed information (connection status, cipher suites, etc.) can be found on the Details page. |
SECURITY – Control Center | |
---|---|
Element | Description |
Connection | Defines the permitted type of connection to the utnserver Control Center: - HTTP and HTTPS (unencrypted or encrypted connection) - HTTPS only (always encrypted connections) The encryption strength is defined via the encryption protocol and level. |
User Accounts | Defines the three user accounts (name and password) for the restricted access to the utnserver Control Center and the SNMP access. - Administrator: Complete access to the utnserver Control Center. The user can see all pages and administrate. - USB Manager: Restricted access to the utnserver Control Center. The user can only manage the USB ports (Security - USB subpage) and terminate activated port connections from the utnserver Control Center home page. - Read-only user: Very restricted access to the utnserver Control Center. The user can only see the 'START' page. |
Restrict Control Center access | Enables/disables the utnserver Control Center access restriction. If access is restricted, a login screen is displayed when opening the utnserver Control Center. Note: If access is restricted, user accounts must be defined. |
Restrict Control Center access – Login screen displays | Defines the type of login screen. One of the following is displayed: - a list of users (User names are shown. Only the password must be entered.) - the name and password dialog (A neutral login mask in which user name and password must be entered.) |
Restrict Control Center access – Session timeout | Enables/disables the session timeout. If there is no activity during the timeout defined, the connection to the utnserver Control Center is terminated for security reasons. In the box, enter the time in seconds after which the timeout is to be effective. |
SECURITY – SNMP | |
---|---|
Element | Description |
SNMPv1 | Enables/disables SNMPv1. |
SNMPv1 – Read-only | Enables/disables the write protection for the community. |
SNMPv1 – Community | SNMP community name. The SNMP community is a basic form of access protection in which several participants with the same access rights are grouped together. |
SNMPv3 | Enables/disables SNMPv3. Note: For SNMPv3 the user accounts 'Administrator' and 'Read-only user' must be set up. |
SNMPv3 – Hash | Defines the hash algorithm. |
SNMPv3 – Access rights | Defines the access rights of the SNMP user. |
SNMPv3 – Encryption | Defines the encryption method. In addition, the password must be entered. |
SECURITY – TCP port access | |
---|---|
Element | Description |
Port access control | Enables/disables the blocking of selected ports and thus connections to the utnserver. You define the port types to be blocked in the 'Security level' area. Caution: The utnserver may no longer receive information (e.g. via DNS and SNTP), and you may not be able to access the utnserver Control Center. In the 'Exceptions' area, define the network elements which are excluded from port blocking. Test your settings for the port access control via the 'Test mode' in order to make sure you can access the utnserver. |
Test mode | Enables/disables the test mode. With the test mode you can check your settings for the port access control. If the test mode is activated, the access protection remains active until the utnserver is rebooted. Caution: After a successful test, you must deactivate the test mode so that access protection remains permanently active. |
Security level | Blocks the selected port types. - Block UTN access (UTN ports) - Block TCP access (TCP ports: HTTP/HTTPS, UTN) - Block all (all IP ports) Notes: - The parameter 'Port access control' must be enabled for the blocking to be effective. - In the 'Exceptions' area, define the network elements which are excluded from port blocking. Test your settings for the port access control via the 'Test mode' in order to make sure you can access the utnserver. |
Exceptions | Defines elements that are excluded from port blocking using their IP or hardware address. You can define up to 16 exceptions. Using wildcards (*), you can define subnetworks. Note: Hardware addresses (MAC) are not delivered through routers! |
SECURITY – Certificates | |
---|---|
Element | Description |
Certificates status | You can view installed certificates, save them locally or delete them. To do so, click the respective icon. |
Self-signed certificate | Displays a page to create a self-signed certificate. The self-signed certificate is created and immediately installed on the utnserver. |
Certificate request | Starts a page for the creation of a certificate request. In order to use a certificate that has been issued especially for the utnserver, a certificate request may be created. You send it to the certification authority which creates a certificate on the basis of this request. After you have received the requested certificate, you have to install it in the utnserver. |
PKCS#12 certificate | Displays a page for the installation of a PKCS#12 certificate. PKCS#12 certificates are used to save private keys and their corresponding certificates in one file. In addition, the file is protected with a password. Note: The PKCS#12 certificate must be in 'base64' format. |
Requested certificate | Displays a page for the installation of a certificate that has been created by a certification authority (CA) for the utnserver on the basis of a certificate request. Note: The certificate must be in 'base64' format. |
S/MIME certificate | Displays a page for the installation of an S/MIME certificate. S/MIME certificates (*.pem file) are used to sign and encrypt emails which are sent by the utnserver. Note: The S/MIME certificate must be in 'base64' format. |
CA certificate | Displays a page for the installation of a certification authority's (CA) certificate. CA certificates are used for verifying certificates that have been issued by the respective certification authority. Note: The CA certificate must be in 'base64' format. Up to 32 CA certificates can be installed. |
SECURITY – Authentication | |
---|---|
Element | Description |
Authentication method | Defines an authentication mechanism (according to IEEE 802.1X). If you are using an authentication mechanism in your network, the utnserver can participate. |
User name | Defines the user name that is set up for the utnserver on the RADIUS server for the EAP authentication methods MD5, TTLS, PEAP, and FAST. |
Password | Defines the password that is set up for the utnserver on the RADIUS server for the EAP authentication methods MD5, TTLS, PEAP, and FAST. |
PEAP/EAP-FAST options | Defines the kind of external authentication for the EAP authentication methods TTLS, PEAP, and FAST. |
Inner authentication | Defines the kind of inner authentication for the EAP authentication methods TTLS, PEAP, and FAST. |
EAP root certificate | Defines the root certificate for the authentication procedure. Choose the root CA certificate of the certification authority that has issued the certificate of the authentication server (RADIUS). Note: The CA certificate must already be installed on the device. |
Anonymous name | Defines the anonymous name for the unencrypted part of the EAP authentication methods TTLS, PEAP, and FAST. |
WPA add-on | Defines an optional WPA expansion for the EAP authentication methods TTLS, PEAP, and FAST. |
SECURITY – USB | |
---|---|
Element | Description |
Encrypt USB communication (SSL/TLS) | Enables/disables the SSL/TLS encryption of the entire USB and UTN communication. The encryption strength is defined via the encryption protocol and level. |
Disable input devices (HID class) | Enables/disables the blocking of input devices (HID – human interface devices). 'Enable/disable input devices (HID class) for all ports' enables or disables all ports at once. The feature protects the utnserver from USB devices that present themselves as HID class devices but are actually used for abuse (known as 'BadUSB'). |
USB | Shows the USB port type (2.0 Hi-Speed or USB 3.0 SuperSpeed). |
Flash | Enables/disables the power supply for the USB port (i.e. the USB device connected to the port). With this feature you can (de)activate a USB device connected to the USB port (e.g. in case of an error) or disable used USB ports (to increase security). |
Name | Freely definable description of the USB port. If no port name is defined, the default name of the USB device connected will be used. Using the port name, the connected USB device can be displayed with the desired name. |
Lock | Information on security mechanisms that are set up for the USB port: - Port key control - Device assignment - Port key control and device assignment combined |
VLAN | Allocates a VLAN to the USB port. |
USB device | Information on the connected USB device: Name (product ID – PID), serial number, manufacturer (vendor ID – VID). |
Change | Opens a sub page for the respective USB port for configuring the security features port key control and device assignment. |
Details | Shows information on the USB port and the connected USB device. |
SECURITY – USB port | |
---|---|
Element | Description |
Description | Allows a description of the USB port. The written information is displayed on the properties page of the UTN manager for the corresponding USB port. (A line break can be created with <br>. The maximum string length is 128 bytes.) |
Method | Defines a method to limit the access to USB devices which are connected to the utnserver: - Port key control: A key is defined for the USB port. The USB port nor the connected USB device are shown in the SEH UTN Manager, however a connection cannot be established. To do so, the key must be entered in the SEH UTN Manager. - Device assignment: A certain USB device is assigned to a USB port. This is achieved by linking the USB port and USB device through the vendor ID (short VID) and product ID (short PID) of the USB device. The combination of VID and PID is specific to a certain USB device model which means that only USB devices of this specific model can be used on the USB port. This way you can assure, that (security) settings cannot be circumvented by connecting USB devices to other ports. - Port key control/device assignment: Combines the methods described above. |
Key | Specifies the key for the port key control. You can have the key generated for you or enter one manually (max. 64 ASCII characters). You can assign up to 2 keys with different validity to one USB port. |
USB device | Shows the VID (Vendor ID) and PID (Product ID) of the USB device that is assigned to the USB port via the device assignment. You can assign the USB device by clicking 'Allocate device'. |
MAINTENANCE – Backup | |
---|---|
Element | Description |
Parameter file – View | You can view the current parameter values of the utnserver. |
Parameter file – Export | You can save the current parameter values of the utnserver locally to your client as a text file. Note: You can edit the saved parameter file with a text editor and then load it onto a utnserver. |
Parameter file – Restore | Imports a previously selected parameter file onto the utnserver. The utnserver will adopt the parameter values in the file. |
System backup – WebDAV | Note: You must configure a WebDAV server to use the WebDAV backup. |
WebDAV – Server directory | Defines the directory on the WebDAV server in which the system backups are saved. |
WebDAV – Create directories for individual days | Enables/disables the creation of subdirectories in which the daily system backups are saved. Note: After one year, the FIFO method (first in, first out) is applied. For example, January 01 of last year will be replaced by January 01 of the current year. |
WebDAV – Changes backup | Enables/disables the system backup to a WebDAV server. The backup takes place if the device configuration is changed. Note: Can only be used if a WebDAV server was configured beforehand. |
WebDAV – Daily backup | Saves daily system backups to the WebDAV server at a defined time. |
WebDAV – Backup manually now | Saves the system backup to the WebDAV server immediately. |
MAINTENANCE – Default settings | |
---|---|
Element | Description |
Default settings | Resets the parameters of the utnserver to the default (factory settings). Note: Since the IP address of the utnserver will be reset as well, the utnserver Control Center cannot be started or displayed in the browser after the reset. Installed certificates will not be deleted. |
MAINTENANCE – Update | |
---|---|
Element | Description |
Update | Installs a previously selected update file (software) on the utnserver. In an update, the old software is overwritten and replaced by the new version. The device configuration will not be changed. |
MAINTENANCE – Restart | |
---|---|
Element | Description |
Restart | Initiates a restart of the utnserver. |