This article describes how to use the Setup Wizard to configure Internet access, a local network, and the UTM functionality.
The Setup Wizard is only available after a fresh installation and is launched automatically after changes to the login data.
The Unified Firewall can be reset to factory settings via System → Factory Settings. Afterwards the Setup Wizard can be started anew.
1) Select Start setup in English.
2) Click on Continue Without Backup to continue with the Setup Wizard.
3) Modify the following parameters and click Next:
The Firewall Hostname may only contain lower case letters and must not contain numbers since otherwise user authentication via LDAP won't work!
4.1) Configuring Internet access with DHCP dynamic IP address assignment (e.g. via a cable modem):
4.1.1) Modify the following parameters and click Next:
4.2) Configuring Internet access with static IP address assignment (e.g. SDSL):
4.2.1) Modify the following parameters and click Next:
4.3) Configuring an ADSL link without a VLAN ID:
4.3.1) Modify the following parameters and click Next:
4.4) Configuring an ADSL or VDSL link with a VLAN-ID:
4.4.1) Modify the following parameters and click Next:
5) Select the interface the local network is to be connected to, and change the IP and Prefix Length if required (in CIDR syntax).
Check the option Enable DHCP Server if the Unified Firewall is to be used as the DHCP server in the network.
The options Web and Mail under Allow Internet Access should be enabled if the network is supposed to have internet access. If a network doesn't need internet access leave the checkboxes unchecked.
6) Select the desired UTM features and click Next.
By default, all UTM features are enabled.
Operating the UTM features after the trial period expires requires Full License.
7) You can now review your configuration in a Summary. Then click on Finish to complete the setup and write the configuration to the Unified Firewall.
8) Activating the UTM features Anti-Malware and Content Filter activates the HTTPS proxy.
The Web Proxy-CA Certificate must be downloaded and imported into the end devices so that Web pages can still be accessed via HTTPS.
The procedure for importing the HTTPS proxy certificate into a mobile device is described in this Knowledge Base article as of step 3.4.
Manual download of the Mail Proxy CA (Optional):
When using an E-Mail program like MS Outtlook which connects to an E-Mail server in the internet, the Mail Proxy CA has to be exported in the Unified Firewall and imported into the end device which is accessing E-Mails via the E-Mail program.
If an E-Mail server is used in the local network or E-Mails are accessed via the website of an E-Mail provider, the Mail Proxy CA doesn't have to be imported.
Open the the web interface of the Unified Firewall and go to the menu Certificate Management → Certificates, klick on the Export button at Mail Proxy CA and export the certificate in PEM format. The procedure for the certificate import into an end device is described in this Knowledge Base document (as of step 3.4).