dongleserver ProMAX
dongleserver Control Center
Online help
Version 1.0
NETWORK – IPv4 | |
---|---|
Element | Description |
DHCP | Enables/disables the DHCP protocol. The UTN server receives its IPv4 configuration (IP address, Netmask, Gateway, DNS) automatically via the protocol. |
ARP/PING | Enables/disables the IP address assignment via ARP/PING. You can use the commands ARP and PING to change an IP address which was assigned via Zeroconf during the initial setup. |
IP address | IP address of the UTN server |
Subnet mask | Subnet mask of the UTN server |
Gateway | Gateway address of the UTN server |
DNS | Enables/disables the name resolution via a DNS server. DNS allows for the mutual assignment of names and addresses. |
Primary DNS server | Defines the IP address of the primary DNS server. |
Secondary DNS server | Defines the IP address of the secondary DNS server. The secondary DNS server is used if the primary DNS server is not available. |
Domain name (suffix) | Defines the domain name of an existing DNS server. |
NETWORK – IPv4-VLAN | |
---|---|
Element | Description |
IPv4 management VLAN | Enables/disables the forwarding of IPv4 management VLAN data. If this option is enabled, SNMP is only available in the IPv4 management VLAN. |
IPv4 management VLAN – VLAN ID | ID for the identification of the IPv4 management VLAN (1-4094). |
IPv4 management VLAN – IP address | IP address of the UTN server |
IPv4 management VLAN – Subnet mask | Subnet mask of the UTN server |
IPv4 management VLAN – Gateway | Gateway address of the IPv4 management VLAN. |
IPv4 management VLAN – Access from any VLAN | Enables/disables the web access (dongleserver Control Center) to the UTN server via IPv4 client VLANs. If this option is enabled, the UTN server can be administrated via all VLANs. |
IPv4 management VLAN – Access via LAN (untagged) | Enables/disables the web access (dongleserver Control Center) to the UTN server via IPv4 packets without tag. If this option is disabled, the UTN server can only be administrated via VLANs. |
IPv4 client VLAN – VLAN | Enables/disables the forwarding of IPv4 client VLAN data. |
IPv4 client VLAN – IP address | IP address of the UTN server within the IPv4 client VLAN. |
IPv4 client VLAN – Subnet mask | Subnet mask of the UTN server within the IPv4 client VLAN. |
IPv4 client VLAN – Gateway | Gateway address of the IPv4 client VLAN. |
IPv4 client VLAN – VLAN ID | ID for the identification of the IPv4 client VLAN (1–4094). |
NETWORK – IPv6 | |
---|---|
Element | Description |
IPv6 | Enables/disables the IPv6 feature. |
Automatic configuration | Enables/disables the automatic assignment of the IPv6 address for the UTN server. |
IPv6 address | Defines a UTN server IPv6 unicast address assigned manually in the format n:n:n:n:n:n:n:n. Every 'n' represents the hexadecimal value of one of the eight 16 bit elements of the address. |
Router | Defines the IPv6 unicast address of the router. The UTN server sends its 'Router Solicitations' (RS) to this router. |
Prefix length | Defines the length of the subnet prefix for the IPv6 address. The value 64 is preset. Address ranges are specified by prefixes. The prefix length (number of bits used) is added to the IPv6 address and specified as a decimal number. The decimal number is separated by '/'. |
NETWORK – Email | |
---|---|
Element | Description |
POP3 | Enables/disables the POP3 feature. |
POP3 – Server address | Defines the POP3 server via its IP address or host name. (A host name can only be used if a DNS server was configured beforehand.) |
POP3 – Server port | Defines the port used by the UTN server for receiving emails. The port number 110 is preset. When using SSL/TLS, enter 995 as port number. |
POP3 – Security | Defines the authentication method to be used (APOP/SSL/TLS). When using SSL/TLS, the cipher strength is defined via the encryption level. |
POP3 – Check mail every | Defines the time interval (in minutes) for retrieving emails from the POP3 server. |
POP3 – Ignore mail exceeding | Defines the maximum email size (in Kbyte) to be accepted by the UTN server. (0 = unlimited) |
POP3 – User name | Defines the user name used by the UTN server to log on to the POP3 server. |
POP3 – Password | Defines the password used by the UTN server to log on to the POP3 server. |
SMTP – Server address | Defines the SMTP server via its IP address or host name. (A host name can only be used if a DNS server was configured beforehand.) |
SMTP – Server port | Defines the port number used by the UTN server to send emails to the SMTP server. The port number 25 is preset. |
SMTP – SSL/TLS | Enables/disables the SSL/TLS encryption for the communication between UTN server and SMTP server. The encryption strength is defined via the encryption protocol and level. |
SMTP – Sender name | Defines the email address used by the UTN server to send emails. (Very often the name of the sender and the user name are identical.) |
SMTP – Login | Enables/disables the SMTP authentication for the login. |
SMTP – User name | Defines the user name used by the UTN server to log on to the SMTP server. |
SMTP – Password | Defines the password used by the UTN server to log on to the SMTP server. |
SMTP – Security (S/MIME) | Enables/disables the signing of emails with S/MIME. A signature created by the sender allows the recipient to verify the identity of the sender and to make sure that the email was not modified. An S/MIME certificate is required for all security features. |
SMTP – Attach public key | Sends the public key together with the email. Many email clients require the public key to be attached in order to view the emails. |
SMTP – Encryption | Defines the encryption of emails. Only the recipient can open and read the encrypted email. |
NETWORK – Bonjour | |
---|---|
Element | Description |
Bonjour | Enables/disables the Bonjour feature. Bonjour is a technology which automatically finds computers, devices and different network services in IP networks. |
Bonjour name | Defines the Bonjour name of the UTN server. The UTN server uses this name for its Bonjour services. If no Bonjour name is entered, the default name will be used (device name@ICxxxxxx). |
NETWORK – Server | |
---|---|
Element | Description |
WebDAV | Enables/disables the WebDAV feature. The UTN server can send data to a WebDAV server, e.g. for monitoring purposes. |
WebDAV – Server address | Defines a WebDAV server via its IP address or host name. (A host name can only be used if a DNS server was configured beforehand.) |
WebDAV – User name | Defines the user name used by the UTN server to log on to the WebDAV server. |
WebDAV – Password | Defines the password used by the UTN server to log on to the WebDAV server. |
WebDAV – SSL/TLS | Enables/disables the SSL/TLS encryption for the communication between the UTN and WebDAV server. The encryption strength is defined via the encryption protocol and level. |
Syslog-ng | Enables/disables the Syslog-ng feature. The UTN server can send data to a Syslog-ng server, e.g. for monitoring purposes. |
Syslog-ng – Server address | Defines a Syslog-ng server via its IP address or the host name. (A host name can only be used if a DNS server was configured beforehand.) |
Syslog-ng – Server port | Defines the port number used by the UTN server to communicate with the Syslog-ng server. The port number 514 is preset. |
Syslog-ng – SSL/TLS | Enables/disables the SSL/TLS encryption for the communication between the UTN and Syslog-ng server. The encryption strength is defined via the encryption protocol and level. |
DEVICE – Description | |
---|---|
Element | Description |
Host name | Defines the host name of the UTN server. |
Description | Freely definable description |
Contact person | Freely definable description |
Identifier (display panel) | Defines the identifier shown in the display panel on the front side of the Dongleserver. (1–2 characters; A–Z, 0–9) |
DEVICE – Date/Time | |
---|---|
Element | Description |
Time zone | Adapts the device time (which is either set via the device clock or received via a time server) to your local standard time including country-specific particularities such as summer time. |
Device clock | Manually defines date and time for the hardware clock of the UTN server. If the device is powered off, the device clock will continue to run for a certain period. A correct time setting is required for some network mechanisms such as authentication. Therefore, we recommend using a time server in regular operation and using the device clock only for special cases like the initial setup. |
Time server | Enables/disables the use of a time server (SNTP). A time server synchronizes the time of devices within a network, so that all devices have a correct time setting and can use time-dependent network mechanisms such as authentication. |
Server address | Defines a time server via its IP address or host name. (A host name can only be used if a DNS server was configured beforehand.) |
DEVICE – UTN Port | |
---|---|
Element | Description |
UTN port | Defines the number of the UTN port for unencrypted connections. Client and UTN server communicate via the UTN port. The port number 9200 is preset. Note: The UTN port must not be blocked by security software (firewall). |
Encrypted UTN port | Defines the number of the UTN port for encrypted connections. The encrypted UTN port is used for SSL/TLS encrypted connections between the client and UTN server. The port number 9443 is preset. Note: The encrypted UTN port must not be blocked by security software (firewall). |
DEVICE – Notification | |
---|---|
Element | Description |
Note: You must configure POP3 and SMTP to use the notification service. | |
Email – Email address | Defines the email address of the recipient to which the emails will be sent. |
Status email – Recipient | Enables/disables the periodical sending of a status email to recipient 1 or 2. |
Status email – Interval | Specifies the interval at which a status email is sent. |
Email subject | Defines the email subject line text for notification and status emails. |
SNMP traps | Note: SNMP traps can only be used if SNMP was configured beforehand. |
SNMP traps – Address | Defines the SNMP trap address of the recipient. |
SNMP traps – Community | Defines the SNMP trap community of the recipient. |
SNMP traps – SNMP version | Defines the SNMP protocol for the sending of SNMP traps. |
Display panel – Only one power supply works | Enables/disables the display of error messages in the display panel if the UTN server is supplied by only one power supply. |
Display panel – SD card error | Enables/disables the display of error messages in the display panel if no SD card is inserted into the UTN server or if the SD card cannot be used. |
Display panel – Only one network connection is established | Enables/disables the display of error messages in the display panel if only one of the two network connections of the UTN server is established. |
Acoustic signal – Only one power supply works | Enables/disables the acoustic signal that sounds if the UTN server is supplied by only one power supply. |
Acoustic signal – SD card error | Enables/disables the acoustic signal that sounds if no SD card is inserted into the UTN server or if the SD card cannot be used. |
Acoustic signal – Only one network connection is established | Enables/disables the acoustic signal that sounds if only one of the two network connections of the UTN server is established. |
DEVICE – Monitoring | |
---|---|
Element | Description |
Monitoring | Enables/disables the monitoring of system values, events, and errors. |
View log | Shows the current monitoring log. |
Export | Saves the current monitoring log to the client. |
Delete | Deletes the current monitoring log. |
Values | Defines the system values, events, and errors which are to be monitored. |
WebDAV – Directory | Defines the directory on the WebDAV server in which the monitoring logs are saved. |
WebDAV – Create directories for individual days | Enables/disables the creation of subdirectories in which the monitoring logs of one day are saved. Note: After one year, the FIFO method (first-in, first-out) is applied. For example, January 01 of last year will be replaced by January 01 of the current year. |
WebDAV – Continuous backup | Enables/disables the regular backup of monitoring logs on the WebDAV server. Notes: - Can only be used if a WebDAV server was configured beforehand. - The monitoring logs are split into 2 MB sized files on the UTN server. As soon as this size is reached, the file will be saved to the WebDAV server. |
WebDAV – Daily backup at | Saves the monitoring logs to the WebDAV server daily at a time defined. Note: This backup is created in addition to the continuous backup. |
WebDAV – Export manually now | Saves the monitoring logs to the WebDAV server immediately. Note: This backup is created in addition to the continuous backup. |
Email – Email address | Defines the email address of the recipient for the monitoring logs. |
Email – Email subject | Defines the email subject line text for monitoring emails. |
Email – Continuous backup | Enables/disables the regular sending of monitoring logs via email. Notes: - Can only be used if POP3 and SMTP were configured beforehand. - The monitoring logs are split into 2 MB sized files on the UTN server. As soon as this size is reached, the file will be sent as email attachment. |
Email – Daily backup at | Emails the monitoring logs daily at a time defined. Note: This backup is created in addition to the continuous backup. |
Email – Export manually now | Emails the monitoring logs immediately. Note: This backup is created in addition to the continuous backup. |
Syslog-ng export | Enables/disables the sending of monitoring logs to a Syslog-ng server. Note: Can only be used if a Syslog-ng server was configured beforehand. |
Syslog-ng export – Format | Defines the format for monitoring information that the UTN server sends to the Syslog-ng server: IETF (RFC 5424) or Legacy (RFC 3164/BSD). |
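The receiving side has to parse whichever format is selected under 'Syslog-ng export – Format'. The following is an added example, not part of the original help page or the vendor's software: a collector-side check that tells IETF (RFC 5424) from Legacy (RFC 3164/BSD) messages and flags lines that do not match the format configured on the device. Host name and message text in the sample lines are constructed.

```python
import re
from datetime import datetime, timezone

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# IETF (RFC 5424): <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>[1-9]\d?) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[.*?(?<!\\)\])+)(?: (?P<msg>.*))?$",
    re.DOTALL,
)
# Legacy (RFC 3164/BSD): <PRI>Mmm dd hh:mm:ss HOSTNAME MSG (no year, no time zone)
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$",
    re.DOTALL,
)


def parse_syslog(line):
    """Return a dict for one syslog message, or None if it fits neither format."""
    for name, rx in (("IETF", RFC5424), ("Legacy", RFC3164)):
        m = rx.match(line)
        if not m:
            continue
        pri = int(m["pri"])
        if pri > 191:  # PRI = facility (0-23) * 8 + severity (0-7)
            return None
        utc = None
        if name == "IETF" and m["ts"] != "-":  # "-" is the RFC 5424 NILVALUE
            try:
                ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
            except ValueError:
                return None
            if ts.tzinfo is None:  # RFC 5424 timestamps always carry an offset
                return None
            utc = ts.astimezone(timezone.utc).isoformat()
        return {
            "format": name,
            "facility": pri >> 3,
            "severity": SEVERITIES[pri & 7],
            "host": m["host"],
            "utc": utc,  # None for Legacy: the timestamp cannot be placed in UTC
            "msg": m["msg"] or "",
        }
    return None


def format_mismatches(lines, expected):
    """List (index, found) for every line that is not in the expected format."""
    out = []
    for i, line in enumerate(lines):
        parsed = parse_syslog(line)
        found = parsed["format"] if parsed else "unparsed"
        if found != expected:
            out.append((i, found))
    return out


# Constructed sample input (not captured from a real device).
SAMPLE = [
    "<134>1 2024-05-14T09:30:00.000Z utnserver-01 monitor - - - USB port 3: device activated",
    "<134>May 14 09:30:00 utnserver-01 monitor: USB port 3: device activated",
    "not a syslog line",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_syslog(entry))
    print(format_mismatches(SAMPLE, "IETF"))
```

Legacy messages carry neither year nor time zone, so correlating them with other sources depends on the device's 'Time zone' and 'Time server' settings being correct.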
SECURITY – SSL/TLS | |
---|---|
Element | Description |
Encryption protocol | Defines the encryption protocol to be used for SSL/TLS connections. Which protocols can be chosen depends on the product and its software version. With 'any', the protocol is automatically negotiated by both communicating parties. |
Encryption level | Defines the encryption level to be used for all SSL/TLS connections. - Any (The encryption is automatically negotiated by both communicating parties. The strongest encryption supported by both parties will always be chosen.) - Low (weak encryption) - Medium - High (strong encryption) |
Detailed information (connection status, cipher suites, etc.) can be found on the Details page. |
SECURITY – Control Center | |
---|---|
Element | Description |
Connection | Defines the permitted type of connection to the dongleserver Control Center: - HTTP and HTTPS (unencrypted or encrypted connection) - HTTPS only (always encrypted connections) The encryption strength is defined via the encryption protocol and level. |
User Accounts | Defines the two user accounts (name and password) for the restricted access to the dongleserver Control Center and the SNMP access. - Administrator: Complete access to the dongleserver Control Center. The user can see all pages and administrate. - Read-only user: Very restricted access to the dongleserver Control Center. The user can only see the 'START' page. |
Restrict Control Center access | Enables/disables the dongleserver Control Center access restriction. If access is restricted, a login screen is displayed when opening the dongleserver Control Center. Note: If access is restricted, user accounts must be defined. |
Restrict Control Center access – Login screen displays | Defines the type of login screen. The login screen displays either: - a list of users (User names are shown. Only the password must be entered.) - the name and password dialog (A neutral login mask in which user name and password must be entered.) |
Restrict Control Center access – Session timeout | Enables/disables the session timeout. If there is no activity during the timeout defined, the connection to the dongleserver Control Center is terminated for security reasons. In the box, enter the time in seconds after which the timeout is to be effective. |
SECURITY – SNMP | |
---|---|
Element | Description |
SNMPv1 | Enables/disables SNMPv1. |
SNMPv1 – Read-only | Enables/disables the write protection for the community. |
SNMPv1 – Community | SNMP community name. The SNMP community is a basic form of access protection in which several participants with the same access rights are grouped together. |
SNMPv3 | Enables/disables SNMPv3. Note: For SNMPv3 the user accounts 'Administrator' and 'Read-only user' must be set up. |
SNMPv3 – Hash | Defines the hash algorithm. |
SNMPv3 – Access rights | Defines the access rights of the SNMP user. |
SNMPv3 – Encryption | Defines the encryption method. In addition, the password must be entered. |
SECURITY – TCP port access | |
---|---|
Element | Description |
Port access control | Enables/disables the blocking of selected ports and thus connections to the UTN server. You define the port types to be blocked in the 'Security level' area. Caution: The UTN server may no longer receive information (e.g. via DNS and SNTP), and you may not be able to access the dongleserver Control Center. In the 'Exceptions' area, define the network elements which are excluded from port blocking. Test your settings for the port access control via the 'Test mode' in order to make sure you can access the UTN server. |
Test mode | Enables/disables the test mode. With the test mode, you can check your settings for the port access control. If the test mode is activated, the access protection remains active until the UTN server is rebooted. Caution: After a successful test, you must deactivate the test mode so that access protection remains permanently active. |
Security level | Blocks the selected port types. - Block UTN access (UTN ports) - Block TCP access (TCP ports: HTTP/HTTPS, UTN) - Block all (all IP ports) Notes: - The parameter 'Port access control' must be enabled for the blocking to be effective. - In the 'Exceptions' area, define the network elements which are excluded from port blocking. Test your settings for the port access control via the 'Test mode' in order to make sure you can access the UTN server. |
Exceptions | Defines elements that are excluded from port blocking using their IP or hardware address. You can define up to 16 exceptions. Using wildcards (*), you can define subnetworks. Note: Hardware addresses (MAC) are not delivered through routers! |
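Before enabling port access control, it helps to check on paper which hosts the planned exceptions actually cover. The following is an added example, not part of the original help page or the vendor's software; it assumes that a wildcard (*) stands for one whole IPv4 octet and that hardware addresses are written as colon- or hyphen-separated hex, neither of which the page specifies. All addresses and host names are constructed.

```python
import ipaddress

MAX_EXCEPTIONS = 16  # limit stated in the 'Exceptions' row


def ip_pattern_matches(pattern, ip):
    """Octet-wise match; '*' matches any value in that octet (assumed syntax)."""
    p_parts, ip_parts = pattern.split("."), ip.split(".")
    if len(p_parts) != 4 or len(ip_parts) != 4:
        return False
    return all(p == "*" or p == o for p, o in zip(p_parts, ip_parts))


def norm_mac(mac):
    return mac.replace("-", ":").lower()


def matching_exception(host, exceptions, device_net):
    """Return the exception entry that covers the host, or None."""
    ip = ipaddress.ip_address(host["ip"])
    for exc in exceptions:
        if "." in exc:  # IPv4 address or wildcard pattern
            if ip_pattern_matches(exc, str(ip)):
                return exc
        elif host.get("mac") and norm_mac(exc) == norm_mac(host["mac"]):
            # Hardware addresses are not delivered through routers, so a MAC
            # exception only helps a host in the UTN server's own subnet.
            if ip in device_net:
                return exc
    return None


def lockout_report(required_hosts, exceptions, device_cidr):
    """Names of required hosts that no exception covers."""
    if len(exceptions) > MAX_EXCEPTIONS:
        raise ValueError("more than 16 exceptions defined")
    device_net = ipaddress.ip_interface(device_cidr).network
    return [
        h["name"]
        for h in required_hosts
        if matching_exception(h, exceptions, device_net) is None
    ]


# Constructed sample: UTN server at 10.20.30.40/24, services in another subnet.
DEVICE = "10.20.30.40/24"
REQUIRED = [
    {"name": "admin-workstation", "ip": "10.20.30.15"},
    {"name": "dns", "ip": "10.20.1.53"},
    {"name": "time-server", "ip": "10.20.1.123", "mac": "02:00:00:aa:bb:cc"},
]
PLANNED = ["10.20.30.*", "02-00-00-AA-BB-CC"]

if __name__ == "__main__":
    print(lockout_report(REQUIRED, PLANNED, DEVICE))
    print(lockout_report(REQUIRED, PLANNED + ["10.20.1.*"], DEVICE))
```

With the 'Block all' security level, the DNS and time servers need exceptions as well as the administration client, which is why they are listed as required hosts here.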
SECURITY – Certificates | |
---|---|
Element | Description |
Certificates status | You can view installed certificates, save them locally or delete them. To do so, click the respective icon. |
Self-signed certificate | Displays a page to create a self-signed certificate. The self-signed certificate is created and immediately installed on the UTN server. |
Certificate request | Starts a page for the creation of a certificate request. In order to use a certificate that has been issued especially for the UTN server, a certificate request may be created. You send it to the certification authority, which creates a certificate on the basis of this request. After you have received the requested certificate, you have to install it in the UTN server. |
PKCS#12 certificate | Displays a page for the installation of a PKCS#12 certificate. PKCS#12 certificates are used to save private keys and their corresponding certificates in one file. In addition, the file is protected with a password. Note: The PKCS#12 certificate must be in 'base64' format. |
Requested certificate | Displays a page for the installation of a certificate that has been created by a certification authority (CA) for the UTN server on the basis of a certificate request. Note: The certificate must be in 'base64' format. |
S/MIME certificate | Displays a page for the installation of an S/MIME certificate. S/MIME certificates (*.pem file) are used to sign and encrypt emails which are sent by the UTN server. Note: The S/MIME certificate must be in 'base64' format. |
CA certificate | Displays a page for the installation of a certification authority's (CA) certificate. CA certificates are used for verifying certificates that have been issued by the respective certification authority. Note: The CA certificate must be in 'base64' format. Up to 32 CA certificates can be installed. |
SECURITY – Authentication | |
---|---|
Element | Description |
Authentication method | Defines an authentication mechanism (according to IEEE 802.1X). If you are using an authentication mechanism in your network, the UTN server can participate. |
User name | Defines the user name that is set up for the UTN server on the RADIUS server for the EAP authentication methods MD5, TTLS, PEAP, and FAST. |
Password | Defines the password that is set up for the UTN server on the RADIUS server for the EAP authentication methods MD5, TTLS, PEAP, and FAST. |
PEAP/EAP-FAST options | Defines the kind of external authentication for the EAP authentication methods TTLS, PEAP, and FAST. |
Inner authentication | Defines the kind of inner authentication for the EAP authentication methods TTLS, PEAP, and FAST. |
EAP root certificate | Defines the root certificate for the authentication procedure. Choose the root CA certificate of the certification authority that has issued the certificate of the authentication server (RADIUS). Note: The CA certificate must already be installed on the device. |
Anonymous name | Defines the anonymous name for the unencrypted part of the EAP authentication methods TTLS, PEAP, and FAST. |
WPA add-on | Defines an optional WPA expansion for the EAP authentication methods TTLS, PEAP, and FAST. |
SECURITY – USB port | |
---|---|
Element | Description |
Encrypt USB communication (SSL/TLS) | Enables/disables the SSL/TLS encryption of the entire USB and UTN communication. The encryption strength is defined via the encryption protocol and level. |
Disable input devices (HID class) | Enables/disables the blocking of input devices (HID – human interface devices). The feature protects the UTN server from USB devices that present themselves as HID class devices but are actually used for abuse (known as 'BadUSB'). |
USB | Shows the USB port type (2.0 Hi-Speed or USB 3.0 SuperSpeed). |
Flash | Enables/disables the power supply for the USB port (i.e. the USB device connected to the port). With this feature you can (de)activate a USB device connected to the USB port (e.g. in case of an error) or disable used USB ports (to increase security). |
Name | Freely definable description of the USB port. If no port name is defined, the default name of the USB device connected will be used. Using the port name, the connected USB device can be displayed with the desired name. |
Lock | Information on security mechanisms that are set up for the USB port: - Port key control - Device assignment - Port key control and device assignment combined |
VLAN | Allocates a VLAN to the USB port. |
USB device | Information on the connected USB device: Name (product ID – PID), serial number, manufacturer (vendor ID – VID). |
Change | Opens a sub page for the respective USB port for configuring the security features port key control and device assignment. |
Details | Shows information on the USB port and the connected USB device. |
SECURITY – USB port | |
---|---|
Element | Description |
Method | Defines a method to limit the access to USB devices which are connected to the UTN server: - Port key control: A key is defined for the USB port. The USB port nor the connected USB device are shown in the SEH UTN Manager, however a connection cannot be established. To do so, the key must be entered in the SEH UTN Manager. - Device assignment: A certain USB device is assigned to a USB port. This is achieved by linking the USB port and USB device through the vendor ID (short VID) and product ID (short PID) of the USB device. The combination of VID and PID is specific to a certain USB device model, which means that only USB devices of this specific model can be used on the USB port. This way you can ensure that (security) settings cannot be circumvented by connecting USB devices to other ports. - Port key control/device assignment: Combines the methods described above. |
Key | Specifies the key for the port key control. You can have the key generated for you or enter one manually (max. 64 ASCII characters). You can assign up to 2 keys with different validity to one USB port. |
Validity | Defines the validity of a port key. Using the validity, you can define when users can access a USB port and the connected USB device: - off (never valid; use 'off' when you want to keep the key but deactivate it for the time being) - forever (always valid) - expires on (valid until hour X on day Z) - weekly (valid on the weekdays X defined, from hour Y to Z) |
USB device | Shows the VID (Vendor ID) and PID (Product ID) of the USB device that is assigned to the USB port via the device assignment. You can assign the USB device by clicking 'Allocate device'. |
MAINTENANCE – Backup | |
---|---|
Element | Description |
Parameter file – View | You can view the current parameter values of the UTN server. |
Parameter file – Export | You can save the current parameter values of the UTN server locally to your client as text file. Note: You can edit the saved parameter file with a text editor and then load it onto a UTN server. |
Parameter file – Restore | Imports a previously selected parameters file onto the UTN server. The UTN server will adopt the parameter values in the file. |
System backup – WebDAV | Note: You must configure a WebDAV-Server to use the WebDAV backup. |
WebDAV – Server directory | Defines the directory on the WebDAV server in which the system backups are saved. |
WebDAV – Create directories for individual days | Enables/disables the creation of subdirectories in which the daily system backups are saved. Note: After one year, the FIFO method (first-in, first-out) is applied. For example, January 01 of last year will be replaced by January 01 of the current year. |
WebDAV – Changes backup | Enables/disables the system backup to a WebDAV server. The backup takes place if the device configuration is changed. Note: Can only be used if a WebDAV server was configured beforehand. |
WebDAV – Daily backup | Saves daily system backups to the WebDAV server at a time defined. |
WebDAV – Backup manually now | Saves the system backup to the WebDAV server immediately. |
SD card – Changes backup | Enables/disables the system backup to the SD card. The backup takes place if the device configuration is changed. |
MAINTENANCE – Default settings | |
---|---|
Element | Description |
Default settings | Resets the parameters of the UTN server to the default (factory settings). Note: Since the IP address of the UTN server will be reset as well, the dongleserver Control Center cannot be started or displayed in the browser after the reset. Installed certificates will not be deleted. |
Update | |
---|---|
Element | Description |
Update | Installs a previously selected update file (software) on the UTN server. In an update, the old software is overwritten and replaced by the new version. The device configuration will not be changed. |
MAINTENANCE – Restart | |
---|---|
Element | Description |
Restart | Initiates a restart of the UTN server. |