utnserver Control Center
Online help
Version 1.2

NETWORK – IPv4
Element Description
DHCP Enables/disables the DHCP protocol.
The utnserver receives its IPv4 configuration automatically via the protocol.
ARP/PING Enables/disables the IP address assignment via ARP/PING.
You can use the commands ARP and PING to change an IP address which was assigned via Zeroconf during the initial setup.
IP address IP address of the utnserver
Prefix length Together with the IP address, the prefix length defines the network mask of the utnserver.
Router Router address of the utnserver
NETWORK – IPv6
Element Description
IPv6 Enables/disables the IPv6 feature.
Automatic configuration Enables/disables the automatic assignment of the IPv6 address for the utnserver.
IPv6 address Defines a utnserver IPv6 unicast address assigned manually in the format n:n:n:n:n:n:n:n. Every 'n' represents the hexadecimal value of one of the eight 16-bit elements of the address.
Router Defines the IPv6 unicast address of the router. The utnserver sends its 'Router Solicitations' (RS) to this router.
Prefix length Defines the length of the subnet prefix for the IPv6 address. The value 64 is preset.
Address ranges are specified by prefixes. The prefix length (number of bits used) is added to the IPv6 address and specified as a decimal number. The decimal number is separated by '/'.
NETWORK – IP-VLAN
Element Description
IP management VLAN – Enables/disables the forwarding of IP management VLAN data.
If this option is enabled, SNMP is only available in the IP management VLAN.
Management VLAN selection menu Sets the management VLAN in the network.
IP management VLAN – TCP access via LAN (untagged) Enables/disables the web access (utnserver Control Center) to the utnserver via IP packets without tag.
If this option is disabled, the utnserver can only be administrated via VLANs.
Note: SNMP works exclusively via LAN and the VLAN specified in the selection menu.
NETWORK – DNS
Element Description
DNS Enables/disables the name resolution via a DNS server.
DNS allows for the mutual assignment of names and addresses.
Primary DNS server Defines the IP address of the primary DNS server.
Secondary DNS server Defines the IP address of the secondary DNS server.
The secondary DNS server is used if the primary DNS server is not available.
Domain name (suffix) Defines the domain name of an existing DNS server.
Preferred address type Specifies which address type is used after the IP address is returned from the DNS server. (This option is only relevant if IPv4 and IPv6 are enabled.)
NETWORK – Email
Element Description
POP3 Enables/disables the POP3 feature.
POP3 – Server address Defines the POP3 server via its IP address or host name.
(A host name can only be used if a DNS server was configured beforehand.)
POP3 – Server port Defines the port used by the utnserver for receiving emails.
The port number 110 is preset. When using SSL/TLS, enter 995 as port number.
POP3 – Security Defines the authentication method to be used (APOP/SSL/TLS).
When using SSL/TLS, the cipher strength is defined via the encryption level.
POP3 – Check mail every Defines the time interval (in minutes) for retrieving emails from the POP3 server.
POP3 – Ignore mail exceeding Defines the maximum email size (in Kbyte) to be accepted by the utnserver.
(0 = unlimited)
POP3 – User name Defines the user name used by the utnserver to log on to the POP3 server.
POP3 – Password Defines the password used by the utnserver to log on to the POP3 server.
SMTP – Server address Defines the SMTP server via its IP address or host name.
(A host name can only be used if a DNS server was configured beforehand.)
SMTP – Server port Defines the port number used by the utnserver to send emails to the SMTP server.
The port number 25 is preset.
SMTP – SSL/TLS Enables/disables the SSL/TLS encryption for the communication between utnserver and SMTP server.
The encryption strength is defined via the encryption protocol and level.
SMTP – Sender name Defines the email address used by the utnserver to send emails.
(Very often the name of the sender and the user name are identical.)
SMTP – Login Enables/disables the SMTP authentication for the login.
SMTP – User name Defines the user name used by the utnserver to log on to the SMTP server.
SMTP – Password Defines the password used by the utnserver to log on to the SMTP server.
SMTP – Security (S/MIME) Enables/disables the signing of emails with S/MIME.
A signature created by the sender allows the recipient to verify the identity of the sender and to make sure that the email was not modified. An S/MIME certificate is required for all security features.
SMTP – Attach public key Sends the public key together with the email. Many email clients require the public key to be attached in order to view the emails.
SMTP – Encryption Defines the encryption of emails.
Only the recipient can open and read the encrypted email.
NETWORK – Bonjour
Element Description
Bonjour Enables/disables the Bonjour feature.
Bonjour is a technology which automatically finds computers, devices and different network services in IP networks.
Bonjour name Defines the Bonjour name of the utnserver.
The utnserver uses this name for its Bonjour services. If no Bonjour name is entered, the default name will be used (device name@ICxxxxxx).
NETWORK – Servers
Element Description
WebDAV Enables/disables the WebDAV feature.
The utnserver can send data to a WebDAV server, e.g. for monitoring purposes.
WebDAV – Server address Defines a WebDAV server via its IP address or host name.
(A host name can only be used if a DNS server was configured beforehand.)
WebDAV – User name Defines the user name used by the utnserver to log on to the WebDAV server.
WebDAV – Password Defines the password used by the utnserver to log on to the WebDAV server.
WebDAV – SSL/TLS Enables/disables the SSL/TLS encryption for the communication between the utnserver and WebDAV server.
The encryption strength is defined via the encryption protocol and level.
Syslog-ng Enables/disables the Syslog-ng feature.
The utnserver can send data to a Syslog-ng server, e.g. for monitoring purposes.
Syslog-ng – Server address Defines a Syslog-ng server via its IP address or the host name.
(A host name can only be used if a DNS server was configured beforehand.)
Syslog-ng – Server port Defines the port number used by the utnserver to communicate with the Syslog-ng server.
The port number 514 is preset.
Syslog-ng – SSL/TLS Enables/disables the SSL/TLS encryption for the communication between the utnserver and Syslog-ng server.
The encryption strength is defined via the encryption protocol and level.
DEVICE – Description
Element Description
Host name Defines the host name of the utnserver.
Description Freely definable description
Contact person Freely definable description
DEVICE – Date/Time
Element Description
Time zone Adapts the device time (which is either set via the device clock or received via a time server) to your local standard time including country-specific particularities such as summer time.
Device clock Manually defines date and time for the hardware clock of the utnserver. If the device is powered off, the device clock will continue to run for a certain period.
A correct time setting is required for some network mechanisms such as authentication. Therefore, we recommend using a time server in regular operation and using the device clock only for special cases like the initial setup.
Time server Enables/disables the use of a time server (SNTP).
A time server synchronizes the time of devices within a network, so that all devices have a correct time setting and can use time-dependent network mechanisms such as authentication.
Server address Defines a time server via its IP address or host name.
(A host name can only be used if a DNS server was configured beforehand.)
DEVICE – UTN Port
Element Description
UTN port Defines the number of the UTN port for unencrypted connections.
Client and utnserver communicate via the UTN port. The port number 9200 is preset.
Note: The UTN port must not be blocked by security software (firewall).
Encrypted UTN port Defines the number of the UTN port for encrypted connections.
The encrypted UTN port is used for SSL/TLS encrypted connections between the client and utnserver. The port number 9443 is preset.
Note: The encrypted UTN port must not be blocked by security software (firewall).
DEVICE – NOTIFICATION
Element Description
Email Note: You must configure POP3 and SMTP to use the notification service.
Email – Email address Defines the email address of the recipient to which the emails will be sent.
Status email – Recipient Enables/disables the periodical sending of a status email to recipient 1 or 2.
Status email – Interval Specifies the interval at which a status email is sent.
Email subject Defines the email subject line text for notification and status emails.
SNMP traps Note: SNMP traps can only be used if SNMP was configured beforehand.
SNMP traps – Address Defines the SNMP trap address of the recipient.
SNMP traps – Community Defines the SNMP trap community of the recipient.
SNMP traps – SNMP version Defines the SNMP protocol for the sending of SNMP traps.
DEVICE – Monitoring
Element Description
Monitoring Enables/disables the monitoring of system values, events, and errors.
View log Shows the current monitoring log.
Export Saves the current monitoring log to the client.
Delete Deletes the current monitoring log.
Values Defines the system values, events, and errors which are to be monitored.
WebDAV – Directory Defines the directory on the WebDAV server in which the monitoring logs are saved.
WebDAV – Create directories for individual days Enables/disables the creation of subdirectories in which the monitoring logs of one day are saved.
Note: After one year, the FIFO method (first-in, first-out) is applied. For example, January 01 of last year will be replaced by January 01 of the current year.
WebDAV – Continuous backup Enables/disables the regular backup of monitoring logs on the WebDAV server.
Notes:
- Can only be used if a WebDAV server was configured beforehand.
- The monitoring logs are split into 2 MB sized files on the utnserver. As soon as this size is reached, the file will be saved to the WebDAV server.
WebDAV – Daily backup at Saves the monitoring logs to the WebDAV server daily at a time defined.
Note: This backup is created in addition to the continuous backup.
WebDAV – Export manually now Saves the monitoring logs to the WebDAV server immediately.
Note: This backup is created in addition to the continuous backup.
Email – Email address Defines the email address of the recipient for the monitoring logs.
Email – Email subject Defines the email subject line text for monitoring emails.
Email – Continuous backup Enables/disables the regular sending of monitoring logs via email.
Notes:
- Can only be used if POP3 and SMTP were configured beforehand.
- The monitoring logs are split into 2 MB sized files on the utnserver. As soon as this size is reached, the file will be sent as email attachment.
Email – Daily backup at Emails the monitoring logs daily at a time defined.
Note: This backup is created in addition to the continuous backup.
Email – Export manually now Emails the monitoring logs immediately.
Note: This backup is created in addition to the continuous backup.
Syslog-ng export Enables/disables the sending of monitoring logs to a Syslog-ng server.
Note: Can only be used if a Syslog-ng server was configured beforehand.
Syslog-ng export – Format Defines the format for monitoring information that the utnserver sends to the Syslog-ng server: IETF (RFC 5424) or Legacy (RFC 3164/BSD).
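For the receiving side of the format setting above, this added example (not SEH code) classifies each received line as RFC 5424 or RFC 3164 and lists lines that do not match the format the collector expects. The sample messages, host name and application name are constructed; the help text does not show the device's actual message content.

```python
import re

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
IETF = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>[1-9]\d?) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[.*?(?<!\\)\])+)(?: (?P<msg>.*))?$",
    re.S,
)
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: MSG  (no year, no time zone)
BSD = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<rest>.*)$",
    re.S,
)
BSD_TAG = re.compile(
    r"^(?P<app>[^\s:\[]{1,32})(?:\[(?P<procid>[^\]]*)\])?: ?(?P<msg>.*)$", re.S
)


def parse_syslog(line):
    """Return a dict describing one received syslog line; format is
    'rfc5424', 'rfc3164' or 'unknown'."""
    line = line.rstrip("\r\n")
    for fmt, rx in (("rfc5424", IETF), ("rfc3164", BSD)):
        m = rx.match(line)
        # PRI = facility * 8 + severity; 23 * 8 + 7 = 191 is the largest valid value.
        if m is None or int(m["pri"]) > 191:
            continue
        pri = int(m["pri"])
        rec = {"format": fmt, "facility": pri >> 3, "severity": SEVERITY[pri & 7],
               "timestamp": m["ts"], "host": m["host"]}
        if fmt == "rfc5424":
            # An RFC 5424 timestamp is either '-' or carries a UTC offset.
            rec.update(app=m["app"], sd=m["sd"], msg=m["msg"] or "",
                       tz_aware=m["ts"] != "-")
        else:
            tag = BSD_TAG.match(m["rest"])
            # Legacy timestamps have no year or zone: the collector has to
            # add both, which only works if the clocks are synchronized.
            rec.update(app=tag["app"] if tag else None, sd="-",
                       msg=tag["msg"] if tag else m["rest"], tz_aware=False)
        return rec
    return {"format": "unknown", "raw": line}


def format_mismatches(lines, expected):
    """Lines whose detected format differs from the one the collector expects."""
    return [l for l in lines if parse_syslog(l)["format"] != expected]


# Constructed sample lines (not captured from a device).
SAMPLES = [
    "<134>1 2024-05-14T09:21:07+02:00 utnserver-01 monitor - - - USB port 1 activated",
    '<165>1 2024-05-14T07:21:07Z utnserver-01 monitor - ID47 [meta sequenceId="12"] port 2 deactivated',
    "<134>May 14 09:21:07 utnserver-01 monitor: USB port 1 activated",
    "<999>May 14 09:21:07 utnserver-01 monitor: invalid priority",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_syslog(s))
    print("not RFC 5424:", format_mismatches(SAMPLES, "rfc5424"))
```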
SECURITY – SSL/TLS
Element Description
Encryption protocol Defines the encryption protocol to be used for SSL/TLS connections. Which protocols can be chosen depends on the product and its software version.
With 'any', the protocol is automatically negotiated by both communicating parties.
Encryption level Defines the encryption level to be used for all SSL/TLS connections.
- Any (The encryption is automatically negotiated by both communicating parties. The strongest encryption supported by both parties will always be chosen.)
- Low (weak encryption)
- Medium
- High (strong encryption)
Detailed information (connection status, cipher suites, etc.) can be found on the Details page.
SECURITY – Control Center
Element Description
Connection Defines the permitted type of connection to the utnserver Control Center:
- HTTP and HTTPS (unencrypted or encrypted connection)
- HTTPS only (always encrypted connections)
The encryption strength is defined via the encryption protocol and level.
User Accounts Defines the three user accounts (name and password) for the restricted access to the utnserver Control Center and the SNMP access.
- Administrator: Complete access to the utnserver Control Center. The user can see all pages and administrate.
- USB Manager: Restricted access to the utnserver Control Center. The user can only manage the USB ports (Security - USB subpage) and terminate activated port connections from the utnserver Control Center home page.
- Read-only user: Very restricted access to the utnserver Control Center. The user can only see the 'START' page.
Restrict Control Center access Enables/disables the utnserver Control Center access restriction. If access is restricted, a login screen is displayed when opening the utnserver Control Center.
Note: If access is restricted, user accounts must be defined.
Restrict Control Center access – Login screen displays Defines the type of login screen. Either of the following is displayed:
- a list of users (user names are shown. Only the password must be entered.)
- the name and password dialog (A neutral login mask in which user name and password must be entered.)
Restrict Control Center access – Session timeout Enables/disables the session timeout. If there is no activity during the timeout defined, the connection to the utnserver Control Center is terminated for security reasons. In the box, enter the time in seconds after which the timeout is to be effective.
SECURITY – SNMP
Element Description
SNMPv1 Enables/disables SNMPv1.
SNMPv1 – Read-only Enables/disables the write protection for the community.
SNMPv1 – Community SNMP community name
The SNMP community is a basic form of access protection in which several participants with the same access rights are grouped together.
SNMPv3 Enables/disables SNMPv3.
Note: For SNMPv3 the user accounts 'Administrator' and 'Read-only user' must be set up.
SNMPv3 – Hash Defines the hash algorithm.
SNMPv3 – Access rights Defines the access rights of the SNMP user.
SNMPv3 – Encryption Defines the encryption method. In addition, the password must be entered.
SECURITY – TCP port access
Element Description
Port access control Enables/disables the blocking of selected ports and thus connections to the utnserver.
You define the port types to be blocked in the 'Security level' area.
Caution: The utnserver may not receive information (e.g. via DNS and SNTP) anymore and you won't be able to access the utnserver Control Center.
In the 'Exceptions' area, define the network elements which are excluded from port blocking. Test your settings for the port access control via the 'Test mode' in order to make sure you can access the utnserver.
Test mode Enables/disables the test mode.
With the test mode you can check your settings for the port access control. If the test mode is activated, the access protection remains active until the utnserver is rebooted.
Caution: After a successful test, you must deactivate the test mode so that access protection remains permanently active.
Whitelist Enables/disables the whitelist function.
When the whitelist function is enabled, only previously configured IP addresses and subnets are allowed for communication with the system.
Blacklist Enables/disables the blacklist function.
When the blacklist function is enabled, previously configured IP addresses and subnets are excluded from communication with the system.
Security level Blocks the selected port types.
- Block UTN access (UTN ports)
- Block TCP access (TCP ports: HTTP/HTTPS, UTN)
- Block all (all IP ports)

Notes:
- The parameter 'Port access control' must be enabled for the blocking to be effective.
- In the 'Exceptions' area, define the network elements which are excluded from port blocking. Test your settings for the port access control via the 'Test mode' in order to make sure you can access the utnserver.
Exceptions Defines elements that are excluded from port blocking using their IP or hardware address. You can define up to 16 exceptions. Using wildcards (*), you can define subnetworks.
Note: Hardware addresses (MAC) are not delivered through routers!
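A pre-check for the lockout risk described above, as an added example that is not part of the original help text: it reports which hosts the utnserver depends on (admin client, DNS, time server) are not covered by a planned exception list, including MAC exceptions for hosts behind a router. Assumptions: '*' replaces one whole IPv4 octet, MAC entries are written as six hex pairs, and all addresses and host names are constructed.

```python
import ipaddress
import re

MAX_EXCEPTIONS = 16  # limit stated in the help text
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}$")


def _is_mac(entry):
    return MAC_RE.match(entry) is not None


def _norm_mac(mac):
    return mac.lower().replace("-", ":")


def ip_pattern_matches(pattern, addr):
    """Assumed wildcard semantics: '*' stands for one whole IPv4 octet."""
    p, a = pattern.split("."), addr.split(".")
    return len(p) == 4 and len(a) == 4 and all(x in ("*", y) for x, y in zip(p, a))


def check_exceptions(device_ip, prefix_len, exceptions, peers):
    """Return (name, reason) pairs for every peer that would be blocked.

    peers maps a label to {"ip": ..., "mac": ...}; "mac" is optional.
    An empty result means every listed peer is covered by an exception.
    """
    findings = []
    if len(exceptions) > MAX_EXCEPTIONS:
        findings.append(("exceptions", "too-many"))
    # Subnet of the utnserver, from its IP address and prefix length.
    link = ipaddress.ip_network(f"{device_ip}/{prefix_len}", strict=False)
    ip_rules = [e for e in exceptions if not _is_mac(e)]
    mac_rules = {_norm_mac(e) for e in exceptions if _is_mac(e)}
    for name, peer in peers.items():
        if any(ip_pattern_matches(r, peer["ip"]) for r in ip_rules):
            continue
        mac = peer.get("mac")
        if mac and _norm_mac(mac) in mac_rules:
            # A MAC address is only visible on the local link; traffic that
            # arrives through a router carries the router's MAC instead.
            if ipaddress.ip_address(peer["ip"]) in link:
                continue
            findings.append((name, "mac-behind-router"))
        else:
            findings.append((name, "no-exception"))
    return findings


# Constructed planning data (hypothetical addresses and labels).
EXCEPTIONS = ["192.168.10.*", "02:00:00:00:00:01"]
PEERS = {
    "admin-pc": {"ip": "192.168.10.20"},
    "dns": {"ip": "192.168.20.53"},
    "sntp": {"ip": "192.168.30.10", "mac": "02-00-00-00-00-01"},
}

if __name__ == "__main__":
    for name, reason in check_exceptions("192.168.10.50", 24, EXCEPTIONS, PEERS):
        print(f"{name}: {reason}")
```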
SECURITY – Certificates
Element Description
Certificates status You can view installed certificates, save them locally or delete them. To do so, click the respective icon.
Self-signed certificate Displays a page to create a self-signed certificate. The self-signed certificate is created and immediately installed on the utnserver.
Certificate request Starts a page for the creation of a certificate request.
In order to use a certificate that has been issued especially for the utnserver, a certificate request may be created. You send it to the certification authority which creates a certificate on the basis of this request. After you have received the requested certificate, you have to install it in the utnserver.
PKCS#12 certificate Displays a page for the installation of a PKCS#12 certificate.
PKCS#12 certificates are used to save private keys and their corresponding certificates in one file. In addition, the file is protected with a password.
Note: The PKCS#12 certificate must be in 'base64' format.
Requested certificate Displays a page for the installation of a certificate that has been created by a certification authority (CA) for the utnserver on the basis of a certificate request.
Note: The certificate must be in 'base64' format.
S/MIME certificate Displays a page for the installation of an S/MIME certificate.
S/MIME certificates (*.pem file) are used to sign and encrypt emails which are sent by the utnserver.
Note: The S/MIME certificate must be in 'base64' format.
CA certificate Displays a page for the installation of a certification authority's (CA) certificate.
CA certificates are used for verifying certificates that have been issued by the respective certification authority.
Note: The CA certificate must be in 'base64' format. Up to 32 CA certificates can be installed.
SECURITY – Authentication
Element Description
Authentication method Defines an authentication mechanism (according to IEEE 802.1X).
If you are using an authentication mechanism in your network, the utnserver can participate.
User name Defines the user name that is set up for the utnserver on the RADIUS server for the EAP authentication methods MD5, TTLS, PEAP, and FAST.
Password Defines the password that is set up for the utnserver on the RADIUS server for the EAP authentication methods MD5, TTLS, PEAP, and FAST.
PEAP/EAP-FAST options Defines the kind of external authentication for the EAP authentication methods TTLS, PEAP, and FAST.
Inner authentication Defines the kind of inner authentication for the EAP authentication methods TTLS, PEAP, and FAST.
EAP root certificate Defines the root certificate for the authentication procedure.
Choose the root CA certificate of the certification authority that has issued the certificate of the authentication server (RADIUS).
Note: The CA certificate must already be installed on the device.
Anonymous name Defines the anonymous name for the unencrypted part of the EAP authentication methods TTLS, PEAP, and FAST.
WPA add-on Defines an optional WPA expansion for the EAP authentication methods TTLS, PEAP, and FAST.
SECURITY – USB
Element Description
Encrypt USB communication (SSL/TLS) Enables/disables the SSL/TLS encryption of the entire USB and UTN communication.
The encryption strength is defined via the encryption protocol and level.
Disable input devices (HID class) Enables/disables the blocking of input devices (HID – human interface devices).
'Enable/disable input devices (HID class) for all ports' enables or disables all ports at once.
The feature protects the utnserver from USB devices that present themselves as HID class devices but are actually used for abuse (known as 'BadUSB').
USB Shows the USB port type (2.0 Hi-Speed or USB 3.0 SuperSpeed).
Flash Enables/disables the power supply for the USB port (i.e. the USB device connected to the port).
With this feature you can (de)activate a USB device connected to the USB port (e.g. in case of an error) or disable used USB ports (to increase security).
Name Freely definable description of the USB port.
If no port name is defined, the default name of the USB device connected will be used. Using the port name, the connected USB device can be displayed with the desired name.
Lock Information on security mechanisms that are set up for the USB port:
- Port key control
- Device assignment
- Port key control and device assignment combined
VLAN Allocates a VLAN to the USB port.
USB device Information on the connected USB device: Name (product ID – PID), serial number, manufacturer (vendor ID – VID).
Change Opens a subpage for the respective USB port for configuring the security features port key control and device assignment.
Details Shows information on the USB port and the connected USB device.
SECURITY – USB port
Element Description
Description Allows a description of the USB port. The written information is displayed on the properties page of the UTN manager for the corresponding USB port.
(A line break can be created with <br>. The maximum string length is 128 bytes.)
Method Defines a method to limit the access to USB devices which are connected to the utnserver:
- Port key control: A key is defined for the USB port. The USB port nor the connected USB device are shown in the SEH UTN Manager, however a connection cannot be established. To do so, the key must be entered in the SEH UTN Manager.
- Device assignment: A certain USB device is assigned to a USB port. This is achieved by linking the USB port and USB device through the vendor ID (short VID) and product ID (short PID) of the USB device. The combination of VID and PID is specific to a certain USB device model, which means that only USB devices of this specific model can be used on the USB port. This way you can ensure that (security) settings cannot be circumvented by connecting USB devices to other ports.
- Port key control/device assignment: Combines the methods described above.
- Timeout: Disables access to USB devices at a predetermined time. Deactivation takes place on the UTN server and thus enables centralized administration. Users receive a notification when deactivation is about to occur.
Key Specifies the key for the port key control. You can have the key generated for you or enter one manually (max. 64 ASCII characters). You can assign up to 2 keys with different validity to one USB port.
Validity Defines the validity of a port key. Using the validity, you can define when users can access a USB port and the connected USB device:
- off (never valid; use 'off' when you want to keep the key but deactivate it for the time being)
- forever (always valid)
- expires on (valid until hour X on day Z)
- weekly (valid on the weekdays X defined, from hour Y to Z)
USB device Shows the VID (Vendor ID) and PID (Product ID) of the USB device that is assigned to the USB port via the device assignment. You can assign the USB device by clicking 'Allocate device'.
MAINTENANCE – Backup
Element Description
Parameter file – View You can view the current parameter values of the utnserver.
Parameter file – Export You can save the current parameter values of the utnserver locally to your client as a text file.
Note: You can edit the saved parameter file with a text editor and then load it onto a utnserver.
Parameter file – Restore Imports a previously selected parameter file onto the utnserver. The utnserver will adopt the parameter values in the file.
System backup – WebDAV Note: You must configure a WebDAV server to use the WebDAV backup.
WebDAV – Server directory Defines the directory on the WebDAV server in which the system backups are saved.
WebDAV – Create directories for individual days Enables/disables the creation of subdirectories in which the daily system backups are saved.
Note: After one year, the FIFO method (first-in, first-out) is applied. For example, January 01 of last year will be replaced by January 01 of the current year.
WebDAV – Changes backup Enables/disables the system backup to a WebDAV server. The backup takes place if the device configuration is changed.
Note: Can only be used if a WebDAV server was configured beforehand.
WebDAV – Daily backup Saves daily system backups to the WebDAV server at a time defined.
WebDAV – Backup manually now Saves the system backup to the WebDAV server immediately.
MAINTENANCE – Default settings
Element Description
Default settings Resets the parameters of the utnserver to the default (factory settings).
Note: Since the IP address of the utnserver will be reset as well, the utnserver Control Center cannot be started or displayed in the browser after the reset. Installed certificates will not be deleted.
MAINTENANCE – Update
Element Description
Update Installs a previously selected update file (software) on the utnserver.
In an update, the old software is overwritten and replaced by the new version. The device configuration will not be changed.
MAINTENANCE – Restart
Element Description
Restart Initiates a restart of the utnserver.