Description:

To secure communication between the LANCOM R&S®Unified Firewalls and the LANCOM R&S®UF Command Center, the firewall establishes an SSL VPN connection to the LANCOM R&S®UF Command Center.

This connection is secured by certificates. Consequently, it is necessary to set up the appropriate certificates and trust settings for the connection.

This document describes how to add a LANCOM R&S®Unified Firewall to the Command Center.


Requirements:
  • Web browser


Procedure:

1) Create the required Certificate Authorities (CA) and certificates on the LANCOM R&S®Unified Firewall:

1.1) Open the menu Certificate management -> Certificates.

1.2) Create a new Certificate Authority (CA) by clicking on the blue plus button.
  • Set the certificate Type to CA for VPN/Web server certificates.
  • Set a Common Name for the certificate authority.
  • Set the Validity period and enter a Private key password. Finally, click on Create.



1.3) Create a certificate by clicking on the blue plus button.
  • Set the certificate Type to VPN certificate.
  • Set the Signing CA to the Certificate Authority (CA) created in step 1.2.
  • Set a Common Name for the certificate.
  • Set the Validity period.
  • Set the CA password to the private key password entered in step 1.2.
  • Set a private key password. Finally, click on Create.



1.4) Create another Certificate Authority (CA) by clicking on the blue plus button.
  • Set the certificate Type to CA for VPN/Web server certificates.
  • Set a Common Name for the certificate authority.
  • Set the Validity period and enter a Private key password. Finally, click on Create.



1.5) Create a certificate by clicking on the blue plus button.
  • Set the certificate Type to VPN certificate.
  • Set the Signing CA to the Certificate Authority (CA) created in step 1.4.
  • Set a Common Name for the certificate.
  • Set the Validity period.
  • Set the CA password to the private key password entered in step 1.4.
  • Set a private key password. Finally, click on Create.



1.6) Expand the list under Certificate Management and export the Command Center certificate.
  • Do this by clicking on the export icon.
  • In the following dialog, select the option PKCS 12.
  • Set the password to the private key password entered in step 1.5.
  • Set any transport password. Then click on Export.



1.7) Export the firewall CA.
  • Do this by clicking on the export icon.
  • In the following dialog, select the option PEM.
  • Then click on Export.
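
The two files exported in steps 1.6 and 1.7 can be checked with the OpenSSL command line before they are imported in step 2. The script below is an added example, not part of the LANCOM procedure; the function names, the file names and the P12_PASS environment variable are assumptions of this example.

```shell
#!/bin/sh
# Pre-import checks for the two files exported in steps 1.6 and 1.7.
# Function names, file names and the P12_PASS variable are this example's own.

fail() { echo "FAIL: $*" >&2; }

# check_firewall_ca FILE
# The PEM from step 1.7 must be an unexpired CA certificate and must not
# include a private key: a trust anchor needs only the public certificate.
check_firewall_ca() {
    if grep -q 'PRIVATE KEY' "$1" 2>/dev/null; then
        fail "$1 contains a private key"; return 1
    fi
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { fail "$1 is expired or not a PEM certificate"; return 1; }
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' ||
        { fail "$1 is not a CA certificate"; return 1; }
    # Shown so the operator can compare with the Common Name from step 1.4.
    openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha256
}

# check_command_center_p12 FILE
# The PKCS 12 file from step 1.6 must open with the transport password
# (read from $P12_PASS, so it does not appear on the command line) and hold
# an unexpired non-CA certificate together with its private key.
check_command_center_p12() {
    cert=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts \
        2>/dev/null) ||
        { fail "cannot open $1 with the transport password"; return 1; }
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY' || { fail "$1 holds no private key"; return 1; }
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null 2>&1 ||
        { fail "certificate in $1 is expired or missing"; return 1; }
    if printf '%s\n' "$cert" | openssl x509 -noout -text | grep -q 'CA:TRUE'; then
        fail "$1 holds a CA certificate, not a VPN certificate"; return 1
    fi
    printf '%s\n' "$cert" | openssl x509 -noout -subject -issuer -enddate
}

# Usage: P12_PASS='...' sh check_exports.sh command_center.p12 firewall_ca.pem
if [ "$#" -eq 2 ]; then
    check_command_center_p12 "$1" && check_firewall_ca "$2"
fi
```

If OpenSSL 3.x cannot read a PKCS 12 file that was encrypted with older algorithms, its pkcs12 command accepts the -legacy option.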






2) Import the Certificate Authority and the certificate into the LANCOM R&S®UF Command Center:

2.1) Open the menu Settings > Device connections.

2.2) Import the command center certificate that you exported in step 1.6.

2.3) Import the firewall CA that you exported in step 1.7 into the accepted remote CAs.



3) Enable the use of the Command Center on the LANCOM R&S®Unified Firewall:

3.1) Open the menu Firewall -> Command Center.

3.2) Enable the use of the Command Center and set the following parameters:
  • For the Host, enter the (IP) address at which the LANCOM R&S®Unified Firewall can reach the LANCOM R&S®UF Command Center.
    • If the LANCOM R&S®Unified Firewall and the LANCOM R&S®UF Command Center are on the same network, this is the IP address of the LANCOM R&S®UF Command Center.
    • If the LANCOM R&S®Unified Firewall and LANCOM R&S®UF Command Center are on different networks, this is the IP address of the gateway in front of the LANCOM R&S®UF Command Center. Also, port forwarding has to be set up on the gateway.
  • For the Port, enter the port number on which the LANCOM R&S®Unified Firewall can reach the LANCOM R&S®UF Command Center.
    • If the LANCOM R&S®Unified Firewall and LANCOM R&S®UF Command Center are on the same network, the default port (11940) remains unchanged.
    • If the LANCOM R&S®Unified Firewall and LANCOM R&S®UF Command Center are on different networks, this is the port on the gateway that forwards to the LANCOM R&S®UF Command Center.
  • For the Command Center CA, select the Command Center CA created in step 1.2.
  • For the Firewall Certificate, use the certificate created in step 1.5.
  • You can optionally enter the GPS coordinates of the location of the LANCOM R&S®Unified Firewall so that the LANCOM R&S®Unified Firewall is displayed correctly on the dashboard map.
  • Then click on Save.





4) Mark the LANCOM R&S®Unified Firewall as administrated in the LANCOM R&S®UF Command Center:

4.1) Open the menu Firewalls > Device selection.

4.2) Set the Status of the added firewall to Administrated.

4.3) The newly added LANCOM R&S®Unified Firewall is then displayed in the dashboard of the LANCOM R&S®UF Command Center.