IT-Security made in Germany

Secure site networking

Enables any number of locations to be linked

securely, communication to be encrypted and

VPN dial-up accesses to be provided.

WiFi pre-installed

The VPN-Gateway has built-in WiFi. The WiFi

option can be tested for 30 days free of charge

and can then be activated permanently by

purchasing a licence key.

VPN-Client

Professional Securepoint VPN-Client based on

OpenVPN. Allows complex encryption and

authentication methods to be managed simply

and clearly.

VPN server

The integrated VPN server offers extensive

connectivity and supports the protocols IPSec,

SSL-VPN/OpenVPN and L2TP.

Black Dwarf VPN-GatewayProfessional site networking

User identification

The VPN-Gateway can be linked to an active directory and

this makes the process of authenticating VPN users much

simpler. A radius authentication for the VPN protocols

PPTP and L2TP is also integrated.

VPN-Client

The Securepoint VPN-Client for Windows based on

OpenVPN is free of charge and is available with every

Securepoint VPN and UTM product. The simple and clear

user interface allows you to manage a large number of

VPN connections.

Features overview:

■ Stateful Packet Inspection Firewall (SPI)

■ Secure VPN connections:

- Gateway-to-Gateway

- Gateway-to-Client

■ VPN servers

(IPSec, SSL-VPN, L2TP, PPTP)

■ Site networking with any number of VPN channels

■ Integrated free of charge Securepoint VPN-Client

■ No licence costs for VPN connections

■ Clientless VPN - Browser-based VPN without plug-in

(HTML5, RDP, VNC)

■ User identification

(locally, Active Directory, LDAP)

Professional and secure site networking

The Securepoint Black Dwarf VPN-Gateway is the most

affordable entry model of the highly integrated

Securepoint VPN and UTM network components. It is

especially designed for small offices, branches and home

offices of up to 10 users.

The VPN-Gateway makes it possible to link any number

of locations securely and to provide VPN dial-up

accesses. The VPN server supports the latest protocols

such as IPSec, SSL-VPN/OpenVPN, L2TP and PPTP.

In addition, Clientless VPN can be used via standard

browsers without having to install a plug-in.

Next Generation VPN-Gateway

Upgrade to UTM-Gateway

By obtaining a licence key, you can upgrade from

VPN-Gateway to UTM-Gateway and make use of

additional security features.

Pre-installed WLAN

After setting up the VPN-Gateway, the WLAN module is

available for 30 days free of charge. After the testing phase

has expired, the WiFi option can be activated

permanently by purchasing a

licence key.

■ Complete router functionality

■ Complete IPv6 support

■ Reliability when using multiple Internet accesses

(fallback)

■ Load distribution across multiple Internet accesses

(load balancing/multipath routing)

■ Integrated one-time password server for high security

two and three factor authentication (OTP)

Suitable for: up to 10 users at the location

LAN ports: 3 x 10/100/1.000 MBit/s

WiFi/WLAN: 300 MBit/s (pre-installed)

Monitoring: Securepoint Operation Center

Power consumption: ~19 watts

Warranty: 36-month guarantee (bring-in)

Securepoint WebGUI: Operating and monitoring

Professional site networking

Securepoint GmbH

Bleckeder Landstraße 28

D-21337 Lüneburg

Germany

Phone: +49 41 31 / 24 01-0

Fax: +49 41 31 / 24 01-50

Email: info@securepoint.de

Web: www.securepoint.de

IT-Security made in Germany

System house/partner:

Operating functions

Administrator operation:– Languages: English, German– Audit-ready– Encryption of configurations, log data/reports– Real-time monitoring functions– Object-oriented configuration– Configuration backup management in Securepoint Cloud– Password/access data management– Configuration management (multiple configurations in one system)– Firmware management (updating firmware versions)– Backup management (configuration backups)– Configuration via: – CLI (Command Line Interface): Script-based management for automated roll-outs – Web user interface: Single-System-Management – Securepoint Operation Center (SOC): Multi-System-Management– SSH access to CLI– Customisable dashboard

End user operation:– Languages: English, German– Clientless VPN (VPN via browser for RDP, VNC without additional plug-ins)– Download of automatically preconfigured SSL-VPN clients (OpenVPN)– Wake-on-LAN

Monitoring, logging andreport functions

Monitoring, logging and reporting:– Internet connection monitoring– System/service status– Hardware status– Network status – Service/process status– Traffic status– VPN status– User authentication status

– Live logging– Syslog protocol support and integrated syslog server (see SOC)– Logging for various syslog servers

SNMP:– SNMPv1– SNMPv2c – Monitoring: – CPU, RAM, HDD/SSD/RAID, Ethernet – Internet connections Statistics and reports (SOC):– Exporting statistics as PDF and CSV– Antivirus/antispam statistics – Alerts: Triggered alarms– Overview of IDS attacks– IDS IP attackers and types of attack– Top dropped packets– Top accepted packets– Top rejected packets

Network functions

IPv6-ready:– Configuration for external tunnel brokers (e.g. HE.net) – IPv6-DHCP and router advertisement – DHCP-relay, also via VPN tunnel – Rules for DHCP are automatically created for the respective interfaces

WLAN access point:– Virtual WLANs (e.g. guest networks)– Authentication: Active directory, pre-shared key (PSK)– WLAN monitoring– WPA2 encryption

UMTS:– Internet connection via UMTS– UMTS usage as fallback

LAN/WAN:– Ethernet 10/100/1.000 Mbit/s– xDSL (PPPoE), cable modem– Load balancing– Bandwidth management– Time-controlled Internet connections– DynDNS support (free of charge via http://www.spdns.de)

Routing:– Source routing– Destination routing– Multipath routing in mixed operation also (up to 15 lines)– NAT (static/hide NAT), virtual IP addresses– PAT (Port address translation)

DHCP (IPv4/IPv6):– DHCP relay – DHCP client – DHCP server (dynamic/fixed IP)

DMZ:– Port forwarding – Port address translation (PAT)

VLAN:– Max. 4094 VLANs per interface – 802.1q Ethernet header tagging – Can be combined with bridging

Bridge-Mode:– OSI layer 2 firewall functions – Spanning tree (bridge ID, port cost) – Unlimited bridges – Unlimited interfaces per bridge

Traffic shaping/Quality of service (QoS):– QoS/traffic shaping (also for VPN)– Adjustable upload/download traffic– All services can be configured separately – Minimum, maximum and guaranteed bandwidths can be configured individually– Multiple Internet connections supported

High availability:– Active-passive HA– Synchronisation of single/multiple connections

Name server:– Forwarder– Relay zones– Master zones (domain and reverse)

Security functions

Firewall stateful packet insp. (SPI):– Stateful inspection – Connection tracking TCP/UDP/ICMP – SPI and proxy can be combined– Time-controlled firewall rules, content/web filters, Internet connection– Group-based firewall rules, content/web filters, Internet connection– Supported protocols: TCP, UDP, ICMP, GRE, ESP, AH

Implied rules configuration:– Standard services such as Bootp, Nebios Broadcast... can be removed from logging via One-Click– Standard services such as VPN can be granted access via One-Click without a rule having to be written– Static-NAT, hide-NAT and their excepti- ons can be configured in the packet filter– Automatic update functions

VPN:– VPN and certificate assistant– DynDNS support (free of charge via http://www.spdns.de)ClientLessVPN:– Client-to-site (VPN home offices) – VPN via browser for RDP/VNC without additional plug-ins (modern browsers)– Authentication: Active directory, local user database– SSL encryptionIPSec:– Site-to-site (VPN branches)– Client-to-site (VPN home offices) – Authentication: Active directory, local user database

– Encryption: 3DES, AES 128/ 256Bit, Twofish– Hash-Algo., MD5-HMAC/SHA1, SHA2– Windows 7/8-ready with IKEv1, IKEv2 – Pre-shared keys (PSK) – X.509 certificates – Tunnel mode – DPD (dead peer detection) – NAT-T– Data compression – PFS (perfect forward secrecy) – XAUTH, L2TPSSL:– Site-to-site (VPN branches)– Client-to-site (VPN home offices) – Authentication: Active directory, local user database– SSL encryption (OpenVPN)– Encryption: 3DES, AES (128, 192, 256) CAST5, Blowfish – Routing mode VPN – X.509 certificates – TCP/UDP port can be changed – Data compression – Export for One-Click connectionL2TP:– Client-to-site (VPN home offices) – Authentication: Active directory, radius, local user database– Windows L2TP support PPTP (not recommended):– Client-to-site (VPN home offices)– Authentication: Active directory, radius, local user database– Windows PPTP support

X.509 certificate server:– Certificate revocation list (CRL)– Online certificate status protocol (OCSP)– Templates – Multi-CA support – Multi-host certificate support

VPN clients (free):OpenVPN client (OpenVPN):– Can be configured centrally via administration interface– Configuration that can be downloaded via user web interface included– Can be executed without admin rights onWindows– Operation: One-Click VPN connectionClientlessVPN:– Can be configured centrally via admin in-terface– Can be called up via user interface– Operation: One-Click VPN connection

User authentication:– Complete active directory integration– Authentication against active directory for all VPN protocols, filters– And also radius authentication for VPN protocols PPTP/L2TP

Backup:– Locally in the workplace, locally in UTM/VPN system, in SOC database and Securepoint Cloud– Automatic and time-based backups – Backups can be encrypted – Backups possible on running system

One-time password (OTP):– Integrated one-time password server for high security two and three factor authentication

Mis

take a

nd s

ubje

ct to

change r

eserv

ed

VPN-Gateway functions