Endian banner

Preface

Endian UTM Appliance is an Open Source Unified Threat Management (UTM) appliance software. This document is both an User Manual and a Guide to the configuration of the various part of the Endian UTM Appliance web interface and its functionalities.

The latest updates and corrections to this manual, referred to the latest release of the Endian UTM Appliance, will be available online at http://docs.endian.com/3.0/utm/.

This reference manual is Copyright (c) 2011-2015 Endian S.r.L.

Features and enhancements from the 2.4 release

This section shows at a glance those modules and functionalities of the Endian UTM Appliance which have considerably improved. Minor improvements, addition of features, and changes are pointed out throughout the text by special labels.

Hotspot

The major improvements included in the 3.0 release concern the hotspot module, which has been partly rewritten and is now more reliable and offers more functionalities.

  • E-mail user verification for SmartConnect™

    SMS user verification has been supported since the first release of SmartConnect™. Since version 2.5, users can now also choose to verify by e-mail the validity of their Hotspot accounts. In this case a limited ticket is pre-added to the account during its creation to make sure the users can check their registered e-mail account for the verification e-mail, which contains a verification link. Once the link has been clicked, the user is fully activated and can buy tickets and access the hotspot to access the Internet.

  • Password recovery

    It is now possible for a user to request that its password be sent to her, should she forget it. This feature can be configured to work by providing either a phone number or an e-mail address, to receive the password by phone or e-mail respectively. If the phone number or e-mail address are associated with one of the registered accounts, a password reminder will be sent to the provided phone number or e-mail address. Moreover, the interval that must pass between two password recovery requests can be set, to avoid flooding.

  • Ticket validity

    A validity field has been added to ticket rates and individual tickets, to provide an expiry date and time to each ticket, in particular whether it should be valid only for a given time from ticket creation, from the first use of the ticket, until the end of the day, or until a fixed date and time. This new feature integrates seamlessly with SmartConnect™, as tickets will automatically inherit the validity that has been configured for the chosen ticket rate. An administrator can however manually add a ticket and override the ticket rate validity for that ticket.

  • User-less portal

    The new portal allows Internet access without the need to create user accounts at all: Users only need to click on the Surf Now button on the hotspot portal and accept the Terms of Service, if this is required by the hotspot configuration. In user-less mode, each device is automatically recognised by its MAC-address, and a default ticket -which should be defined before activating the user-less mode- is associated to it. Moreover, if the ticket is valid for a certain time only, the user should re-accept the Terms of Service after the expiry date.

  • Configurable fields for SmartConnect™

    The SmartConnect™ user registration GUI has been rewritten. It is now possible from the Hotspot administration GUI to define which input fields should be displayed. For each displayed field it is also possible to choose whether it should be required or optional, though some field is always required. Another configuration option is whether the phone number or e-mail address provided during registration should be confirmed or not.

  • Administration usability improvements

    The administrative interface GUI has been reorganised, due to the myriad of options added and improvements. This is evident in the Main Settings page, which has now been divided into sections: Portal settings, Global settings, Account settings, and Character set for generated passwords. A new widget has been introduced to simplify multiple selections, featuring a built-in filter and the ability to add items with a simple click. It is currently used to select languages, countries and country codes where required.

Documentation

The documentation itself has been extended and improved, building on the existent documentation for version 2.4 and adding new sections (getting started, glossary, quick-sheet), descriptions of relevant arguments within the text, links to online resources, and various other resources. Part of existent online resources have been gathered and included in this edition of the documentation.

VPN

  • Native VPN support for mobile devices with L2TP/IPsec

    In order to provide VPN connectivity for the most recent mobile devices such as the iPad, the iPhone, or Android-based devices, an L2TP server and a new type of IPsec configuration for L2TP tunnels has been added to the Endian UTM Appliance. The combination of L2TP and IPsec gives everyone the possibility to connect to their company VPN by using the native L2TP/IPsec support of their mobile devices.

  • Unified user management

    With the addition of L2TP, a new VPN protocol that supports users has been added. Therefore, the user creation and management process has been centralised by creating one unified VPN user management GUI, in which users can be created and allowed to be using either OpenVPN, L2TP, or both protocols. Protocol-specific options will then show up to tailor the connection to the user’s needs.

Connectivity

  • Wireless Mini ARM

    A new Mini model featuring a wireless module is now available, which is configurable in many ways: To start using it is as easy as to choose the country in which the Mini is used, for the automatic setup of the channels to be employed. Additional settings allow the definition of up to four wireless SSIDs, each mappable to a different zone and configurable for the use with various common encryption standards - WPA, WPA2 Personal or WPA2 Enterprise.

  • Wireless Integration with RADIUS

    The wireless module can also be integrated with the Hotspot’s RADIUS server which results in the user being logged in by the Hotspot once the credentials have been entered to authenticate in a WPA/WPA2 Enterprise encrypted wireless network.

  • Support for most modern UMTS/3G USB dongles

    By adding new drivers, Endian UTM Appliance 3.0 now supports most modern UMTS/3G dongles. Once the device has been plugged in, it appears as a serial devices and can be configured by choosing Analog/UMTS modem as uplink type in the network configuration wizard. The newly created serial devices will then appear in the Serial/USB Port drop-down in the network wizard.

Miscellaneous

While they may not immediately be visible to the end user, several parts of the modules have been rewritten “under the hood”, to improve performances and reliability, while dozens of bugs have been fixed.

Note

These improvements were initially intended for and implemented on the 2.4 release and then ported to the 2.5.

  • System - Performance improvements

    Two main areas whose performances were not satisfactory have been interested by extensive efforts, resulting in dramatic improvements.

    The system startup procedure has been completely rewritten. Endian’s new jobsengine decreases the time needed to boot up by 50 percent.

    The memory usage has been optimised and considerably reduced: A fully configured system now saves 200 megabytes of RAM.

  • Contentfilter - Configurable update intervals

    The contentfilter blacklists can now be updated through the GUI like for any other service, with a variable interval - hourly, daily, weekly, or monthly. Moreover, updates do not rely on the release of new packages anymore.

  • Dashboard - Customisable through configurable widgets

    The new dashboard is now fully customisable through the use of configurable widgets. The update interval for all widgets can now be set individually, while widgets can be placed by drag-and-drop or even deactivated completely.

  • Trusted timestamping

    The functionality of trusted timestamping allows to securely store log files, adding the certainty that nobody has altered them since they were generated from a system and stored.

Functionalities added after the 2.5 release

This section collects all the functionalities added to the Endian UTM Appliance after the initial 2.5 release in January 2012. These later releases are identified with the month and year, since they are only update releases. Note that this section does not include the countless bug fixes implemented in the same period.

September 2012 releases

During the month of September 2012, Endian released a set of updates which include some new features. Since this release, new features are identified by their internal code. In details, the following parts of the Endian UTM Appliance have been improved:

  • Proxy - Improved the generation of graphs (CORE-231)

    The high load of the CPU and the memory exhaustion occurring during the creation of the proxy graphs with a massive use of the proxy has been eliminated.

  • Storage - Automatic and redundant backups (UTM-107)

    In the Mini ARM, all the settings used by the system and stored on the external SD card are now automatically copied on the internal NAND, making the recovery in case of SD card failure quicker and easier.

  • Storage - Gathering of information about SD cards (CORE-232)

    To improve the lifecycle of SD cards, information about read and write operations on them are gathered.

  • Networking - Bonding mode. (CORE-240)

    Every bonding mode is now supported.

Moreover, the following softwares employed on Endian UTM Appliance have been updated:

  • Ntop - update to version 4.1.0

    The monitoring software ntop has been updated to the latest version in the Endian UTM Appliances featuring it (i.e., Mercury, Macro)

  • Antivirus - updated Sophos.

    The Sophos antivirus is now available in its latest version, 4.80.

November 2012 release

  • Endian Network (UTM-287). Error messages for a failed registration have been improved and made more intuitive.

December 2012 release

  • Antivirus. The Sophos antivirus is now available in its latest version, 4.82.

January 2013 releases

  • Antimalware (UTM-250). Endian UTM Appliance now uses DNS blacklists from http://www.phistank.com/ to avoid connections to known unreliable domains. Whenever one of these domains is accessed, the user is redirect to a local error page.

  • Antivirus. The Sophos antivirus is now available in its latest version, 4.84.

May 2013 release

  • Hotspot. Smart login functionality (user is remembered after the first login, with no need to re-authenticate).

  • Hotspot. Support for cyclic tickets allows to create recurring rates (daily, weekly, monthly, and yearly).

Features and enhancements of the 3.0 release

The version 3.0, being a major release, has been a long path, which sees the introduction of several new features, plus many changes and improvements under the hood, among which the major rewrite of the VPN module stands out.

VPN

The VPN module has been rewritten and its structure improved, separating the authentication part from the tunnelling and encryption part. The new features introduced in the VPN module are:

  • Algorithms available for encryption: Blowfish 128/192/256-bit, Twofish 128/192/256-bit, Serpent 128/192/256-bit, Camellia 128/192/256-bit, CAST-128.

  • Hashing algorithm: SHA2 256/384/512-bit, AESXCBC.

  • Support for IKEv2.

  • Support for XAUTH.

  • Multiple OpenVPN servers can run concurrently, introducing load-balancing and providing scalability.

  • User management and authentication has been unified for OpenVPN, L2TP, and XAUTH, and completed by several new functionalities:

    • Support for multiple authentication server (local, LDAP, Active Directory).

    • Integrated certificate authority

    • Support for external certification authorities.

    • Support for groups of users.

    • Two-Factor Authentication (password and certificate management).

Hotspot

  • The hotspot module can now rely, besides the locally installed one, on external authentication servers: LDAP, Active Directory, and RADIUS.

Logging

  • A brand new reporting dashboard to visualise events logged by the Endian UTM Appliance has been developed from scratch.

  • More detailed graphical reports are therefore available for various categries of events: System, web, e-mail, attacks, and viruses.

  • Integration of ntopng into Endian UTM Appliance provides live monitoring of network traffic and network flows.

Usability

  • Additional languages for the GUI have been introduced: Portuguese, Chinese, Russian, and Turkish.

  • The menubar and the left-hand side menus now remain visible also when browsing a long page to its bottom.

Mail and Web Security

  • The Panda Antivirus is now offered as optional module, replacing the Sophos Antivirus.

  • The Cyren (former Commtouch) URL filter is available as optional module for content filtering.

  • Management of quarantine e-mail has been introduced.

  • The HTTPS proxy now accompanies the HTTP proxy.

Firewall

  • Application firewall is now available, with the possibility to filter traffic generated by more than 170 application.

Documentation

  • There is now one online reference manual for each product’s family: UTM (Security gateways), Edge (4i industrial devices), and UTM Edge (Mini Edge and Mini Edge Wireless devices)

Functionalities and enhancements of the 3.0.5 Release

Version 3.0.5 has been released on 29th of April 2015 and includes the following new or improved functionalities.

VPN Portal

The new VPN Portal feature allows user to connect from the Internet to any resource behind a Endian UTM Appliance without the need to install a VPN client. Multiple paths can be defined, to associate a different URI to different services running on internal resources. Currently, only HTTP and HTTPS protocols are supported, but internal HTML5 application can be used to serve content via web (like e.g., webmail clients or web file manager).

Event Management

The event management functionality has been vastly improved with the introduction of many new events. Like before, administrators of the Endian UTM Appliance can be informed by SMS or e-mail whenever any event takes place, but now they can write their own python scripts and associate them to any event. An andian API will soon be published to allow a more tight interaction with the Endian UTM Appliance.

Mail Quarantine Summary Reports

The new summary report functionality eases the burden of the administrators, who usually shall check up to thousands of e-mails. Summary reports, which are completely configurable and automatic, send to the original sender a number of information about the status of the e-mails and contact data to receive additional information.

Proxy improvements

The transparent proxy has been improved with the introduction of TProxy and a set of patches applied to the cache manager. As a direct consequence, policy routing and firewalling also have been improved and now work correctly in some corner cases.

Network configuration

The default installation does not include the legacy ADSL and ISDN network modes. However, the packages that provide these functionalities can still be installed

Licence expiration

When the maintenance expires, ACS modules will be uninstalled and signatures will not be updated anymore, except for the Anti-Spyware and ClamAV anti-virus service that have a grace period of fifteen (15) days.

Acknowledgements

Without the great work of the Smoothwall and then of the IPCop team, neither Endian UTM Appliance nor this document would exist. Therefore we would like to thank them all for their hard work.

Thanks to Sourceforge for the hosting. Without Sourceforge we would not have the possibility to gain such a huge worldwide visibility. You are really helping us very much!

Endian web sites

For more information about Endian S.r.l., Italy and its products, please visit Endian web site at http://www.endian.com/.

Many resources (tutorials, how-tos, examples) in this manual are taken from those web sites:

  • http://help.endian.com/ The new support center for the Endian products, that should become the reference site to support customers and users. Several links to howtos on this site are provided on this documentation at the end of the various subsections.

  • http://kb.endian.com/ The old knowledge base of Endian, now discontinued. Its content, including configuration examples, has been incorporated either in the reference manual on in the help.endian.com site.

  • http://jira.endian.com/ Endian’s bug tracker, the place in which to search for existing bugs and their resolution or workarounds and to report new issues. It replaces the older bug tracker located at, http://bugs.endian.com/ which is still accessible and in which to find tips and workaround for issues found in older systems.

Additionally, several forums have been created on the Internet to provide help to the users of the Community Edition. These are not maintained from Endian, but nevertheless they represent a valuable resource for all Endian UTM Appliance users, even for registered appliances:

An updated list with all forums can be found on the Endian Website.

Finally, mailing lists with instruction for subscription can be found on the sourceforge page of the Endian UTM Appliance project.