utnserver Control Center
Online help
Version 1.2

NETWORK – IPv4
Element Description
DHCP Enables/disables the DHCP protocol.
The utnserver receives its IPv4 configuration automatically via the protocol.
ARP/PING Enables/disables the IP address assignment via ARP/PING.
You can use the commands ARP and PING to change an IP address which was assigned via Zeroconf during the initial setup.
IP address IP address of the utnserver
Prefix length The IP address and the prefix length define the network mask of the utnserver.
Router Router address of the utnserver
NETWORK – IPv6
Element Description
IPv6 Enables/disables the IPv6 feature.
Automatic configuration Enables/disables the automatic assignment of the IPv6 address for the utnserver.
IPv6 address Defines a utnserver IPv6 unicast address assigned manually in the format n:n:n:n:n:n:n:n. Every 'n' represents the hexadecimal value of one of the eight 16-bit elements of the address.
Router Defines the IPv6 unicast address of the router. The utnserver sends its 'Router Solicitations' (RS) to this router.
Prefix length Defines the length of the subnet prefix for the IPv6 address. The value 64 is preset.
Address ranges are specified by prefixes. The prefix length (number of bits used) is added to the IPv6 address and specified as a decimal number. The decimal number is separated by '/'.
NETWORK – IP-VLAN
Element Description
IP management VLAN Enables/disables the forwarding of IP management VLAN data.
If this option is enabled, SNMP is only available in the IP management VLAN.
Management VLAN selection menu Sets the management VLAN in the network.
IP management VLAN – TCP access via LAN (untagged) Enables/disables the web access (utnserver Control Center) to the utnserver via IP packets without tag.
If this option is disabled, the utnserver can only be administrated via VLANs.
Note: SNMP works exclusively via LAN and the VLAN specified in the selection menu.
NETWORK – DNS
Element Description
DNS Enables/disables the name resolution via a DNS server.
DNS allows for the mutual assignment of names and addresses.
Primary DNS server Defines the IP address of the primary DNS server.
Secondary DNS server Defines the IP address of the secondary DNS server.
The secondary DNS server is used if the primary DNS server is not available.
Domain name (suffix) Defines the domain name of an existing DNS server.
Preferred address type Specifies which address type is used after the IP address is returned from the DNS server. (This option is only relevant if IPv4 and IPv6 are enabled.)
NETWORK – Email
Element Description
POP3 Enables/disables the POP3 feature.
POP3 – Server address Defines the POP3 server via its IP address or host name.
(A host name can only be used if a DNS server was configured beforehand.)
POP3 – Server port Defines the port used by the utnserver for receiving emails.
The port number 110 is preset. When using SSL/TLS, enter 995 as port number.
POP3 – Security Defines the authentication method to be used (APOP/SSL/TLS).
When using SSL/TLS, the cipher strength is defined via the encryption level.
POP3 – Check mail every Defines the time interval (in minutes) for retrieving emails from the POP3 server.
POP3 – Ignore mail exceeding Defines the maximum email size (in Kbyte) to be accepted by the utnserver.
(0 = unlimited)
POP3 – User name Defines the user name used by the utnserver to log on to the POP3 server.
POP3 – Password Defines the password used by the utnserver to log on to the POP3 server.
SMTP – Server address Defines the SMTP server via its IP address or host name.
(A host name can only be used if a DNS server was configured beforehand.)
SMTP – Server port Defines the port number used by the utnserver to send emails to the SMTP server.
The port number 25 is preset.
SMTP – SSL/TLS Enables/disables the SSL/TLS encryption for the communication between utnserver and SMTP server.
The encryption strength is defined via the encryption protocol and level.
SMTP – Sender name Defines the email address used by the utnserver to send emails.
(Very often the name of the sender and the user name are identical.)
SMTP – Login Enables/disables the SMTP authentication for the login.
SMTP – User name Defines the user name used by the utnserver to log on to the SMTP server.
SMTP – Password Defines the password used by the utnserver to log on to the SMTP server.
SMTP – Security (S/MIME) Enables/disables the signing of emails with S/MIME.
A signature created by the sender allows the recipient to verify the identity of the sender and to make sure that the email was not modified. An S/MIME certificate is required for all security features.
SMTP – Attach public key Sends the public key together with the email. Many email clients require the public key to be attached in order to view the emails.
SMTP – Encryption Defines the encryption of emails.
Only the recipient can open and read the encrypted email.
NETWORK – Bonjour
Element Description
Bonjour Enables/disables the Bonjour feature.
Bonjour is a technology which automatically finds computers, devices and different network services in IP networks.
Bonjour name Defines the Bonjour name of the utnserver.
The utnserver uses this name for its Bonjour services. If no Bonjour name is entered, the default name will be used (device name@ICxxxxxx).
DEVICE – Description
Element Description
Host name Defines the host name of the utnserver.
Description Freely definable description
Contact person Freely definable description
DEVICE – Date/Time
Element Description
Time zone Adapts the device time (which is either set via the device clock or received via a time server) to your local standard time including country-specific particularities such as summer time.
Time server Enables/disables the use of a time server (SNTP).
A time server synchronizes the time of devices within a network, so that all devices have a correct time setting and can use time-dependent network mechanisms such as authentication.
Server address Defines a time server via its IP address or host name.
(A host name can only be used if a DNS server was configured beforehand.)
DEVICE – UTN Port
Element Description
UTN port Defines the number of the UTN port for unencrypted connections.
Client and utnserver communicate via the UTN port. The port number 9200 is preset.
Note: The UTN port must not be blocked by security software (firewall).
Encrypted UTN port Defines the number of the UTN port for encrypted connections.
The encrypted UTN port is used for SSL/TLS encrypted connections between the client and utnserver. The port number 9443 is preset.
Note: The encrypted UTN port must not be blocked by security software (firewall).
DEVICE – Notification
Element Description
Email Note: You must configure POP3 and SMTP to use the notification service.
Email – Email address Defines the email address of the recipient to which the emails will be sent.
Status email – Recipient Enables/disables the periodical sending of a status email to recipient 1 or 2.
Status email – Interval Specifies the interval at which a status email is sent.
Email subject Defines the email subject line text for notification and status emails.
SNMP traps Note: SNMP traps can only be used if SNMP was configured beforehand.
SNMP traps – Address Defines the SNMP trap address of the recipient.
SNMP traps – Community Defines the SNMP trap community of the recipient.
SNMP traps – SNMP version Defines the SNMP protocol for the sending of SNMP traps.
DEVICE – Relay
Element Description
Clear all Events/Reset Relay Clears all events and resets the relay.
Relay activation - user-defined Manually switches the relay to the desired position (open or closed). The relay remains in the selected position.
Relay activation - event-related The relay switches from the open to the closed position as soon as one of the selected events occurs. After that, the relay does not switch back automatically. To do this, the event must first be manually deleted and the relay has to be reset.
Relay activation - status-related By default, the relay is in open position. As soon as one chosen device status occurs, the relay switches to closed position. As soon as the status changes back, the relay automatically returns to open position.
Fixed position - open Manually switches the relay to the closed position and the relay activation to user-defined.
Fixed position - closed Manually switches the relay to the closed position and the relay activation to user-defined.
SECURITY – SSL/TLS
Element Description
Encryption protocol Defines the encryption protocol to be used for SSL/TLS connections. Which protocols can be chosen depends on the product and its software version.
With 'any', the protocol is automatically negotiated by both communicating parties.
Encryption level Defines the encryption level to be used for all SSL/TLS connections.
- Any (The encryption is automatically negotiated by both communicating parties. The strongest encryption supported by both parties will always be chosen.)
- Low (weak encryption)
- Medium
- High (strong encryption)
Detailed information (connection status, cipher suites, etc.) can be found on the Details page.
SECURITY – Control Center
Element Description
Connection Defines the permitted type of connection to the utnserver Control Center:
- HTTP and HTTPS (unencrypted or encrypted connection)
- HTTPS only (always encrypted connections)
The encryption strength is defined via the encryption protocol and level.
User Accounts Defines the three user accounts (name and password) for the restricted access to the utnserver Control Center and the SNMP access.
- Administrator: Complete access to the utnserver Control Center. The user can see all pages and administrate.
- USB Manager: Restricted access to the utnserver Control Center. The user can only manage the USB ports (Security - USB subpage) and terminate activated port connections from the utnserver Control Center home page.
- Read-only user: Very restricted access to the utnserver Control Center. The user can only see the 'START' page.
Restrict Control Center access Enables/disables the utnserver Control Center access restriction. If access is restricted, a login screen is displayed when opening the utnserver Control Center.
Note: If access is restricted, user accounts must be defined.
Restrict Control Center access – Login screen displays Defines the type of login screen. One of the following is displayed:
- a list of users (user names are shown. Only the password must be entered.)
- the name and password dialog (A neutral login mask in which user name and password must be entered.)
Restrict Control Center access – Session timeout Enables/disables the session timeout. If there is no activity during the timeout defined, the connection to the utnserver Control Center is terminated for security reasons. In the box, enter the time in seconds after which the timeout is to be effective.
SECURITY – SNMP
Element Description
SNMPv1 Enables/disables SNMPv1.
SNMPv1 – Read-only Enables/disables the write protection for the community.
SNMPv1 – Community SNMP community name
The SNMP community is a basic form of access protection in which several participants with the same access rights are grouped together.
SNMPv3 Enables/disables SNMPv3.
Note: For SNMPv3 the user accounts 'Administrator' and 'Read-only user' must be set up.
SNMPv3 – Hash Defines the hash algorithm.
SNMPv3 – Access rights Defines the access rights of the SNMP user.
SNMPv3 – Encryption Defines the encryption method. In addition, the password must be entered.
SECURITY – TCP port access
Element Description
Port access control Enables/disables the blocking of selected ports and thus connections to the utnserver.
You define the port types to be blocked in the 'Security level' area.
Caution: The utnserver may no longer receive information (e.g. via DNS and SNTP), and you may no longer be able to access the utnserver Control Center.
In the 'Exceptions' area, define the network elements which are excluded from port blocking. Test your settings for the port access control via the 'Test mode' in order to make sure you can access the utnserver.
Test mode Enables/disables the test mode.
With the test mode you can check your settings for the port access control. If the test mode is activated, the access protection remains active until the utnserver is rebooted.
Caution: After a successful test, you must deactivate the test mode so that access protection remains permanently active.
Security level Blocks the selected port types.
- Block UTN access (UTN ports)
- Block TCP access (TCP ports: HTTP/HTTPS, UTN)
- Block all (all IP ports)

Notes:
- The parameter 'Port access control' must be enabled for the blocking to be effective.
- In the 'Exceptions' area, define the network elements which are excluded from port blocking. Test your settings for the port access control via the 'Test mode' in order to make sure you can access the utnserver.
Exceptions Defines elements that are excluded from port blocking using their IP or hardware address. You can define up to 16 exceptions. Using wildcards (*), you can define subnetworks.
Note: Hardware addresses (MAC) are not delivered through routers!
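A pre-flight check for the exception list described above, to be run before 'Port access control' is enabled (added example, not SEH code). It assumes that '*' replaces whole IPv4 octets; the host names, addresses and the 'routed' flag are constructed for illustration.

```python
"""Find hosts that would lose access once port blocking is active."""
import re

MAX_EXCEPTIONS = 16  # limit stated in the help text
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def _norm_mac(value):
    return value.strip().lower().replace("-", ":")


def _ip_matches(pattern, ip):
    # Assumed syntax: dotted IPv4 where an octet may be '*' (e.g. 192.168.10.*).
    p, a = pattern.split("."), ip.split(".")
    return len(p) == 4 and len(a) == 4 and all(x in ("*", y) for x, y in zip(p, a))


def validate(exceptions):
    """Return a list of problems with the exception list itself."""
    problems = []
    if len(exceptions) > MAX_EXCEPTIONS:
        problems.append(f"{len(exceptions)} entries, limit is {MAX_EXCEPTIONS}")
    for e in exceptions:
        if MAC_RE.match(_norm_mac(e)):
            continue
        octets = e.split(".")
        ok = len(octets) == 4 and all(
            o == "*" or (o.isdecimal() and int(o) <= 255) for o in octets)
        if not ok:
            problems.append(f"unparseable entry: {e!r}")
    return problems


def admitted(client, exceptions):
    """Return the exception that admits the client, or None if it is blocked."""
    for e in exceptions:
        if MAC_RE.match(_norm_mac(e)):
            # Behind a router the device sees the router's hardware address,
            # so a MAC exception only helps clients on the same segment.
            if not client["routed"] and _norm_mac(client["mac"]) == _norm_mac(e):
                return e
        elif _ip_matches(e, client["ip"]):
            return e
    return None


def lockout_report(clients, exceptions):
    """Names of required hosts that no exception covers."""
    return [c["name"] for c in clients if admitted(c, exceptions) is None]


# Constructed sample data (not taken from any real device).
EXCEPTIONS = ["192.168.10.*", "10.0.5.20", "02-00-00-12-34-56", "02:00:00:ab:cd:ef"]
CLIENTS = [
    {"name": "admin-pc", "ip": "192.168.10.44", "mac": "02:00:00:00:00:01", "routed": False},
    {"name": "dns", "ip": "10.0.5.20", "mac": "02:00:00:00:00:02", "routed": True},
    {"name": "sntp", "ip": "10.0.5.21", "mac": "02:00:00:00:00:03", "routed": True},
    {"name": "lab-pc", "ip": "172.16.1.9", "mac": "02:00:00:12:34:56", "routed": False},
    {"name": "remote-admin", "ip": "172.16.9.9", "mac": "02:00:00:ab:cd:ef", "routed": True},
]

if __name__ == "__main__":
    print("list problems:", validate(EXCEPTIONS))
    print("would be locked out:", lockout_report(CLIENTS, EXCEPTIONS))
```

In the sample, the time server is missing from the list and the remote administrator is covered only by a hardware address that does not survive routing, so both are reported.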
SECURITY – Certificates
Element Description
Certificates status You can view installed certificates, save them locally or delete them. To do so, click the respective icon.
Self-signed certificate Displays a page to create a self-signed certificate. The self-signed certificate is created and immediately installed on the utnserver.
Certificate request Starts a page for the creation of a certificate request.
In order to use a certificate that has been issued especially for the utnserver, a certificate request may be created. You send it to the certification authority which creates a certificate on the basis of this request. After you have received the requested certificate, you have to install it in the utnserver.
PKCS#12 certificate Displays a page for the installation of a PKCS#12 certificate.
PKCS#12 certificates are used to save private keys and their corresponding certificates in one file. In addition, the file is protected with a password.
Note: The PKCS#12 certificate must be in 'base64' format.
Requested certificate Displays a page for the installation of a certificate that has been created by a certification authority (CA) for the utnserver on the basis of a certificate request.
Note: The certificate must be in 'base64' format.
S/MIME certificate Displays a page for the installation of an S/MIME certificate.
S/MIME certificates (*.pem file) are used to sign and encrypt emails which are sent by the utnserver.
Note: The S/MIME certificate must be in 'base64' format.
CA certificate Displays a page for the installation of a certification authority's (CA) certificate.
CA certificates are used for verifying certificates that have been issued by the respective certification authority.
Note: The CA certificate must be in 'base64' format. Up to 32 CA certificates can be installed.
SECURITY – Authentication
Element Description
Authentication method Defines an authentication mechanism (according to IEEE 802.1X).
If you are using an authentication mechanism in your network, the utnserver can participate.
User name Defines the user name that is set up for the utnserver on the RADIUS server for the EAP authentication methods MD5, TTLS, PEAP, and FAST.
Password Defines the password that is set up for the utnserver on the RADIUS server for the EAP authentication methods MD5, TTLS, PEAP, and FAST.
PEAP/EAP-FAST options Defines the kind of external authentication for the EAP authentication methods TTLS, PEAP, and FAST.
Inner authentication Defines the kind of inner authentication for the EAP authentication methods TTLS, PEAP, and FAST.
EAP root certificate Defines the root certificate for the authentication procedure.
Choose the root CA certificate of the certification authority that has issued the certificate of the authentication server (RADIUS).
Note: The CA certificate must already be installed on the device.
Anonymous name Defines the anonymous name for the unencrypted part of the EAP authentication methods TTLS, PEAP, and FAST.
WPA add-on Defines an optional WPA expansion for the EAP authentication methods TTLS, PEAP, and FAST.
SECURITY – USB
Element Description
Encrypt USB communication (SSL/TLS) Enables/disables the SSL/TLS encryption of the entire USB and UTN communication.
The encryption strength is defined via the encryption protocol and level.
Disable input devices (HID class) Enables/disables the blocking of input devices (HID – human interface devices).
'Enable/disable input devices (HID class) for all ports' enables or disables all ports at once.
The feature protects the utnserver from USB devices that present themselves as HID class devices but are actually used for abuse (known as 'BadUSB').
USB Shows the USB port type (2.0 Hi-Speed or USB 3.0 SuperSpeed).
Flash Enables/disables the power supply for the USB port (i.e. the USB device connected to the port).
With this feature you can (de)activate a USB device connected to the USB port (e.g. in case of an error) or disable used USB ports (to increase security).
Name Freely definable description of the USB port.
If no port name is defined, the default name of the USB device connected will be used. Using the port name, the connected USB device can be displayed with the desired name.
Lock Information on security mechanisms that are set up for the USB port:
- Port key control
- Device assignment
- Port key control and device assignment combined
VLAN Allocates a VLAN to the USB port.
USB device Information on the connected USB device: Name (product ID – PID), serial number, manufacturer (vendor ID – VID).
Change Opens a sub page for the respective USB port for configuring the security features port key control and device assignment.
Details Shows information on the USB port and the connected USB device.
SECURITY – USB port
Element Description
Description Allows a description of the USB port. The written information is displayed on the properties page of the UTN manager for the corresponding USB port.
(A line break can be created with <br>. The maximum string length is 128 bytes.)
Method Defines a method to limit the access to USB devices which are connected to the utnserver:
- Port key control: A key is defined for the USB port. The USB port nor the connected USB device are shown in the SEH UTN Manager, however a connection cannot be established. To do so, the key must be entered in the SEH UTN Manager.
- Device assignment: A certain USB device is assigned to a USB port. This is achieved by linking the USB port and USB device through the vendor ID (short VID) and product ID (short PID) of the USB device. The combination of VID and PID is specific to a certain USB device model, which means that only USB devices of this specific model can be used on the USB port. This way you can ensure that (security) settings cannot be circumvented by connecting USB devices to other ports.
- Port key control/device assignment: Combines the methods described above.
Key Specifies the key for the port key control. You can have the key generated for you or enter one manually (max. 64 ASCII characters). You can assign up to 2 keys with different validity to one USB port.
USB device Shows the VID (Vendor ID) and PID (Product ID) of the USB device that is assigned to the USB port via the device assignment. You can assign the USB device by clicking 'Allocate device'.
MAINTENANCE – Backup
Element Description
Parameter file – View You can view the current parameter values of the utnserver.
Parameter file – Export You can save the current parameter values of the utnserver locally to your client as a text file.
Note: You can edit the saved parameter file with a text editor and then load it onto a utnserver.
Parameter file – Restore Imports a previously selected parameter file onto the utnserver. The utnserver will adopt the parameter values in the file.
System backup – WebDAV Note: You must configure a WebDAV server to use the WebDAV backup.
WebDAV – Server directory Defines the directory on the WebDAV server in which the system backups are saved.
WebDAV – Create directories for individual days Enables/disables the creation of subdirectories in which the daily system backups are saved.
Note: After one year, the FIFO method (first-in, first-out) is applied. For example, January 01 of last year will be replaced by January 01 of the current year.
WebDAV – Changes backup Enables/disables the system backup to a WebDAV server. The backup takes place if the device configuration is changed.
Note: Can only be used if a WebDAV server was configured beforehand.
WebDAV – Daily backup Saves daily system backups to the WebDAV server at a time defined.
WebDAV – Backup manually now Saves the system backup to the WebDAV server immediately.
MAINTENANCE – Default settings
Element Description
Default settings Resets the parameters of the utnserver to the default (factory settings).
Note: Since the IP address of the utnserver will be reset as well, the utnserver Control Center cannot be started or displayed in the browser after the reset. Installed certificates will not be deleted.
MAINTENANCE – Update
Element Description
Update Installs a previously selected update file (software) on the utnserver.
In an update, the old software is overwritten and replaced by the new version. The device configuration will not be changed.
MAINTENANCE – Restart
Element Description
Restart Initiates a restart of the utnserver.