New versions of the Endian and Sophos UTM solutions


More Control Over the Use of HTTP(S)

On the back end, Endian has revised the HTTP proxy with a solution based on Internet Content Adaptation Protocol (ICAP), thus improving performance. The HTTP proxy finally supports HTTPS connections so that the antivirus scanner now also checks encrypted traffic. An additional, commercial license extends the proxy with the Cyren URL filter (formerly Commtouch, Figure 4). In contrast to the standard web filters by DansGuardian, which the community edition also includes, the Cyren variant is familiar with more than 100 million websites organized in five main categories and 80 subcategories. Below Proxy | HTTP | Web filter , you can create profiles for different groups of users, for example, management, standard users, and trainees.

Figure 4: Optional commercial URL filtering with Cyren (Commtouch) and the Panda antivirus tool extend the Endian Firewall.

The SMTP proxy also has undergone changes. For example, the Endian Firewall now defines its own smart host with appropriate SMTP authentication data and outgoing IP address for each mail domain. In this way, email can be routed via different Internet mail servers depending on the domain used. Admins also can use a quarantine area below Services | Mail Quarantine to search for blocked messages and their content and to delete or forward as applicable. However, the tool lacks individual email quarantine areas for users.


If you look at the VPN configuration in the previous version of Endian Firewall, you'll see that a fair amount of catching up was needed. The interface of the new version has thus been revamped, and it comes with certificate management courtesy of its own CA, which generates X.509 certificates for the VPN modules. Alternatively, the CA can also generate a certificate signing request (CSR) for an external CA and thus also manage official certificates.

If you changed the IP address for the internal network interface of the firewall during the install – the default is – you must first create a new root host certificate. Start by blocking the old root certificate in VPN | Certificates | Revoked Certificates and then generate a new one with Certificate Authority | Generate new root/host certificates .

The integrated OpenVPN server now also manages TUN interfaces, which is useful especially when you need to integrate smartphones and tablets. Endian has also updated the IPsec module to strongSwan 5.1 and – besides IKEv2 – includes integrated additional encryption algorithms such as Blowfish, Twofish, Serpent, SHA2, and AES-XCBC.

User management in the VPN module has also undergone a revamp: You can now also use the module to create external servers for authenticating VPN users in addition to local users. The module natively supports LDAP, Active Directory, and Novell eDirectory. Additionally, groups of users from directory services can be synchronized and local users organized into user groups (Figure 5). In this way, you can assign user groups popular VPN services or parameters, for example.

Figure 5: The new VPN module by Endian integrates external authentication systems, organizes VPN users into groups, and integrates its own X.509 certificate authority.


For a long time, Hotspot has been an established and frequently used feature of the Enterprise Firewall. The integrated captive portal sets up guest accounts, whereas the account generator lets the admin create user accounts manually. Alternatively, admins can use Endian SmartConnect, a self-service feature that automatically delivers access credentials to users by way of text message or email. The admin defines whether the tickets are free; if not, billing can be handled through PayPal or credit card.

In the new version, Endian Hotspot also integrates external authentication systems, including LDAP, Active Directory, Novell eDirectory, and RADIUS. It can also create time-limited tickets for Hotspot usage, for example, to allow users one hour of Internet access per day. Another new feature is Hotspot SmartLogin. If it is enabled, Hotspot reads the access credentials from a session cookie in the browser, so users do not need to continually re-enter their credentials.

Even the reporting section has had a facelift. The new dashboard now delivers a summary of the most important events, such as blocked viruses, incoming and outgoing email, attack attempts, and web traffic on a clear timeline. Live logs also helps you quickly compile the most important events in a convenient spreadsheet format. The additional filter function lets you home in on points of interest for troubleshooting, for example.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus