Central Console

Helps to centrally manage UTM servers.


Safe Center is a central console for administering multiple SafeUTM servers at once. It currently requires no license and has no restrictions on use. It automatically propagates security policies to all connected SafeUTMs, including those connected after the policies were configured.

Capabilities of Safe Center:

Learn more about how security policies and objects work in the Policies and Objects articles.

Technical requirements for servers and virtual machines:

You can request the installation file from your Manager or Tech Support. The Safe Center installation process is similar to the SafeUTM installation process.


Connecting SafeUTM to Safe Center

If the connected SafeUTM uses a cluster, it is enough to connect only the active node; the passive node will automatically accept this setting.
The network connection is initiated from SafeUTM to Safe Center, so communication is also possible when SafeUTM is behind NAT.

To connect SafeUTM to Safe Center:

Screenshot_216.png

If the Safe Center IP address is specified instead of the domain name, upload the Safe Center root certificate to SafeUTM:

Screenshot_217.png

You can download the root certificate in Safe Center under Services -> TLS Certificates.

Screenshot_218.png

If the Safe Center server is behind NAT, enter the IP address or domain name in Server Management -> Additional settings -> Central Console's Address.

Removing the SafeUTM server from the Safe Center will break the binding in the SafeUTM interface:

Screenshot_219.png

Switching from the Safe Center web interface to the SafeUTM web interface

Safe Center provides two ways to switch to SafeUTM:

  1. Go to the Servers section and click on the eye icon:

Screenshot_220.png

The SafeUTM web interface will open in a new tab.

  2. Click on the dropdown icon in the upper left corner and select the desired UTM:

Screenshot_221.png

The SafeUTM web interface will open inside the Safe Center window.

Policies

The Firewall, Application Control, Content Filter, and Traffic Shaping sections all work the same way with connected UTMs. The Firewall section is used as the example here.


Firewall

The Safe Center firewall contains only FORWARD and INPUT tables.

An example of adding rules in Safe Center:

Screenshot_222.png


In Safe Center

The Forward rules created in Safe Center are displayed in two tables: Initial and Final. On SafeUTM servers, the Local Rules sit between these two tables.

An example of an empty table:

Screenshot_229.png

An example of a completed table:

Screenshot_228.png

Local rules on SafeUTM servers are not visible in the Safe Center interface. To view them, go to the Servers section, click on the eye icon in the line with the required SafeUTM, and go to the Firewall section.

To place a rule in the Initial rules table, set Rule type to Initial. To place it in the Final rules table, set Rule type to Final.

You cannot move rules between the Initial rules and Final rules tables.


In SafeUTM

The table in SafeUTM is visually divided into three parts: top, middle, and bottom.

Screenshot_225.png

The rules from the connected Safe Center are transferred to the top and bottom parts. These rules cannot be managed in SafeUTM. The top part corresponds to the Initial rules table in Safe Center; the bottom part corresponds to the Final rules table.

The middle part is created by the UTM administrator in UTM itself and is not visible in the Safe Center interface.
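
An added example, not taken from the SafeUTM documentation: a model of the three-part table described above, used to check which rules can never fire. It assumes rules are evaluated top-down with the first match winning (the page states the order of the parts, not the matching semantics); rule names and networks are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    tier: str             # "initial" or "final" (Safe Center), "local" (SafeUTM)
    name: str
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: Optional[int]  # None means any port
    action: str           # "allow" or "deny"

def effective_table(initial, local, final):
    """Order of the SafeUTM table: Initial on top, local in the middle, Final at the bottom."""
    return [*initial, *local, *final]

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and (a.dport is None or a.dport == b.dport))

def shadowed(table):
    """(rule, tier, shadowing rule, tier) for each rule that can never fire.

    Assumes top-down, first-match evaluation.
    """
    found = []
    for i, later in enumerate(table):
        for earlier in table[:i]:
            if covers(earlier, later):
                found.append((later.name, later.tier, earlier.name, earlier.tier))
                break
    return found

# Constructed sample policy (names and networks are illustrative).
ANY = "0.0.0.0/0"
INITIAL = [Rule("initial", "block-telnet", ANY, ANY, 23, "deny")]
LOCAL = [Rule("local", "allow-telnet", "10.0.0.0/8", ANY, 23, "allow"),
         Rule("local", "allow-all-out", "10.0.0.0/8", ANY, None, "allow")]
FINAL = [Rule("final", "deny-smb-out", "10.0.0.0/8", ANY, 445, "deny"),
         Rule("final", "default-deny", ANY, ANY, None, "deny")]

if __name__ == "__main__":
    for row in shadowed(effective_table(INITIAL, LOCAL, FINAL)):
        print("%s (%s) is shadowed by %s (%s)" % row)
```

Under that assumption, the local allow-telnet rule never fires because the Initial block precedes it, while the Final deny-smb-out rule is preempted by the local allow-all-out rule. Controls that local administrators must not be able to bypass therefore belong in the Initial table.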

Objects

Objects created in Safe Center are migrated to connected SafeUTMs. The SafeUTM administrator can use these objects to create rules.

When an object is deleted from Safe Center, the object is also deleted from SafeUTM. If a rule with a deleted object was created in SafeUTM, then this object will be marked with the Deleted icon.

Objects are created and deleted in Safe Center in the same way as in SafeUTM. See the Objects article for a detailed description.

Services

Network interfaces

Unlike SafeUTM, only a local Ethernet interface can be created in Safe Center. To create one, click Add, select a network card, and fill in the required fields:

Screenshot_226.png


Routing

Routing works similarly to SafeUTM routing. Detailed description at the link.


DNS

The principle of operation of DNS in Safe Center is similar to the principle of operation of External DNS servers in SafeUTM. If the upstream router intercepts Safe Center DNS queries, then add external DNS servers.

Server Management

In the central console (Safe Center), the sections Automatic Update, Backup, and Terminal are similar to these sections in SafeUTM.


Administrators

In Safe Center, you can create several administrators with different roles:

All administrators (both Administrator and Read-Only) can delete a connected SafeUTM from Safe Center.

There are two ways to connect to the SafeUTM web interface from Safe Center:

Screenshot_221.png

It is not possible to log in to the connected SafeUTM with the Safe Center administrator login and password.


Additional Settings

The following settings are available in the section: