RC1000 NextGen UTM-Firewall

The Securepoint RC1000 NextGen UTM-Firewalls provide companies with secure Internet access. They are a perfect fit for the structure and protection of modern company networks. A secure network operation is ensured across the board thanks to efficient IT security applications.

The VPN-enabled UTM-Gateways allow any number of locations to be linked securely and VPN dial-up accesses to be provided for secure access to the network. The free of charge SSL-VPN client provides mobile employees with an encrypted VPN access. The extensive VPN connectivity via IPSEC, XAUTH, SSL-VPN, L2TP, PPTP and Clientless VPN ensures encryption for data traffic in the Internet.

The Securepoint NextGen UTM-Firewalls protect company data reliably - today and tomorrow - against threats from the Internet thanks to constant development and updates.

Your benefits

  • Security when surfing
    Content filter and virus scanner
  • Protection against attacks
    Deep Packet Inspection (DPI)
  • Secure connectivity
    VPN and fallback solution
  • Secure communication
    Protection against phishing, spyware and malware
  • Corporations & computer centres
    Optimised ventilation and modular structure guarantee scalability
  • 19" form factor
    Long rack enclosure for 19" server rack

Securepoint RC1000 NextGen UTM-Firewall Buy


Type:UTM-Gateway RC1000
Suitable for:up to 1000 users at the location
Brief overview of features:

Highly integrated, energy-saving UTM-Gateway including:

  • Deep Packet Inspection Firewall (DPI)
  • Intrusion Detection System (IDS)
  • Zero-Hour-Protection
  • Two virus/malware scanners (Cyren and ClamAV)
  • High-end spam filter
  • Real-time content filter for web and email
  • Extensive VPN connectivity (IPSEC, XAUTH, SSL-VPN)
  • Integrated Securepoint SSL-VPN client
  • No licence costs for VPN connections
  • Clientless VPN: Browser-based VPN without plug-in (RDP, VNC)
  • Attack detection and defence
  • User identification (locally, active directory, LDAP)
  • Integrated one-time password server (OTP) for high security multiple factor authentication
  • Mail connector for secure connection of POP3(S)/IMAP(S) accounts to your email server (SMTP)
  • Automatic bandwidth management - QoS (for lower latency e.g. with VoIP telephony)
  • Encryption protocols and algorithms can be customized for individual applications
  • Transparent filtering of HTTP, HTTPS (HTTPS interception), POP3 (transparent proxy)
  • Extensive treatment of spam in user interface and via spam records
  • Complete router functionality
  • Complete IPv6 support
  • Reliability when using multiple Internet accesses (fallback)
  • Load distribution across multiple Internet accesses (load balancing/multipath routing)
LAN ports MBit/s:

4 x 10/100/1,000 MBit/s
5x expansion slot at the rear. Selection includes:

  • 2/4 port GBit Ethernet (RJ45)
  • 2 port 10GBit Ethernet (RJ45)
  • 2 port SFP+ 10GBit incl. SFP+ GBic module (fibre)

Different combinations are possible.

Hardware:Intel XEON E5-2600 2 GHz
Memory:64 GByte RAM
RAID controller: LSI MEGARAID hardware raid
HD:2 x 300 GByte
Spare/hot standby:optional; can be upgraded
19-inch-ready: 2HE, long rack enclosure
VPN clients included:
Subscription:Can subscribe for 1 to 5 years

36-month guarantee (bring-in)
Optional 60-month guarantee and on-site service can be booked


Securepoint NextGen UTM-Firewall Range of Functions:

Operating Functions

Administrator Operation:

  • Languages: English, German
  • Auditable
  • Encryption of configurations, log data/reports
  • Real-time monitoring functions
  • Object-oriented configuration
  • Configuration backup management in Securepoint Cloud
  • Password/access data management
  • Configuration management (multiple configurations in one system)
  • Firmware management (update of firmware versions)
  • Backup management (configuration backups)
  • Configuration via:
    • CLI (Command Line Interface):
      Script-based management for automated rollouts
    • Web user interface:
      Single system management
    • Securepoint Operation Center (SOC):
      Multisystem management
  • SSH access to CLI
  • Customisable dashboard


End-user operation:

  • Languages: English, German
  • Clientless VPN (VPN via browser for RDP, VNC without additional plug-ins)
  • Download of automatically preconfigured SSL-VPN-Clients (OpenVPN)
  • Wake-on-LAN

Monitoring, logging and report functions

Monitoring, logging and reporting:

  • Two-man rule
  • Encryption of configurations, log data and reports
  • Anonymization of log data/reports
  • System/service status
  • Hardware status
  • Network status
  • Service/process status
  • Traffic status
  • VPN status
  • User authentication status
  • Live logging
  • Syslog protocol support and integrated syslog server (see SOC)
  • Logging to different syslog servers


  • SNMPv1
  • SNMPv2c
  • SNMP traps
  • Monitoring:
    • CPU, RAM, HDD/SSD/RAID, Ethernet
    • Internet connections

Statistics and reports (SOC):

  • Export statistics as PDF and CSV
  • Antivirus/antispam statistics
  • Alerts: Triggered alarms
  • Malware: Names, type, number
  • Top websites: Traffic to websites
  • Top surfers: All users that cause traffic
  • User’s traffic
  • Surfers+websites: Websites by users
  • Categories blocked by content/web filter
  • Blocked websites: websites that are blocked
  • Interface utilisation/traffic
  • SMTP attacks
  • IDS attack overview
  • IDS IP attackers and attack types
  • Top dropped packets
  • Top accepted packets
  • Top rejected packets
  • Top rejected emails
  • Top accepted emails
  • Top accepted/rejected emails
  • Top accepted mail servers
  • Top rejected mail servers
  • Top servers in greylisting whitelisted
  • Top servers in greylisting rejected

Network functions


  • Configuration for external tunnel brokers (e.g. HE.net)
  • IPv6-DHCP and router advertisement
  • DHCP relay, also via VPN tunnel
  • Rules for DHCP are automatically created for the respective interface



  • xDSL (PPPoE), cable modem
  • Load balancing
  • Bandwidth management
  • Time-controlled Internet connections
  • DynDNS support (free of charge via https://www.spdyn.de)



  • Source routing
  • Destination routing
  • Multipath routing in mixed operation also (up to 15 lines)
  • NAT (Static/hide NAT), virtual IP addresses
  • BGP4


DHCP (IPv4/IPv6):

  • DHCP relay
  • DHCP client
  • DHCP server (dynamic/fixed IP)



  • Port forwarding
  • Port address translation (PAT)
  • Dedicated DMZ links



  • Max. 4094 VLANs per interface
  • 802.1q Ethernet header tagging
  • Can be combined with bridging


Bridge mode:

  • OSI-Layer 2 Firewall functions
  • Spanning tree (bridge ID, port cost)
  • Unlimited bridges
  • Unlimited interfaces per bridge


Traffic shaping/quality of service (QoS):

  • QoS/traffic shaping (also for VPN)
  • Adjustable upload/download stream traffic
  • All services can be configured separately
  • Minimum, maximum and guaranteed bandwidths can be configured individually
  • Multiple internet connections supported


High availability:

  • active/passive HA
  • Synchronisation of single/multiple connections


Name server:

  • Forwarder
  • Relay zones
  • Master zones (domain and reverse)

Network functions

Firewall deep packet inspection (DPI):

  • Deep packet inspection
  • Connection tracking TCP/UDP/ICMP
  • SPI and proxy can be combined
  • OSI-Layer 7-Filter
  • Time-controlled firewall rules, content/web filter, Internet connection
  • Group-based firewall rules, content/web filter, Internet connection
  • Supported protocols: TCP, UDP, ICMP, GRE, ESP, AH


Implied rules configuration:

  • Standard services such as Bootp, Netbios Broadcast... can be removed from logging by On-Click
  • Access can be granted via On-Click for standard services such as VPN without a rule having to be written
  • Static NAT, Hide NAT and other exceptions can be configured in the packet filter



  • VPN and certificate assistant


Clientless VPN:

  • Client-to-Site (VPN home offices)
  • VPN via browser for RDP/VNC without additional plug-ins (modern browsers)
  • Authentication: Active directory, local user database
  • SSL encryption


  • Site-to-Site (VPN branches)
  • Client-to-Site (VPN home offices)
  • Authentication: Active directory, local user database
  • Encryption: 3DES, AES 128/ 256Bit, Twofish
  • Hash-Algo., MD5-HMAC/SHA1, SHA2
  • Windows 7/8-ready with IKEv1, IKEv2
  • Preshared Keys (PSK)
  • X.509 certificate
  • Tunnel mode
  • DPD (Dead Peer Detection)
  • NAT-T
  • Data compression
  • PFS (Perfect Forward Secrecy)


  • Site-to-Site (VPNbranches)
  • Client-to-Site (VPN home offices)
  • Authentication: Active directory, local user database
  • SSL encryption (OpenVPN)
  • Encryption: 3DES, AES (128, 192, 256) CAST5, Blowfish
  • Routing mode-VPN
  • X.509 certificate
  • TCP/UDP port can be changed
  • Data compressio
  • Export für One-Click-Connection


  • Client-to-Site (VPN home offices)
  • Authentication: Active directory, radius, local user database
  • Windows L2TP support

PPTP (not recommended):

  • Client-to-Site (VPN home offices)
  • Authentication: Active directory, radius, local user database
  • Windows PPTP support


X.509 Certificate server: 

  • Certificate blocklist (CRL)
  • Multi-CA support
  • Multi-host certificate support


VPN clients (free):

OpenVPN client (OpenVPN):

  • Can be configured centrally via administration interface
  • Including configuration that can be downloaded via user web interface
  • Can be executed without admin rights with Windows
  • Operation: On-Click-VPN-Connection

Clientless VPN:

  • Can be configured centrally via admin interface
  • Can be called up via user interface
  • Operation: On-Click-VPN-Connection


Antivirus (AV):

  • Two virus scanners as standard:
    • Cyren & ClamAV
  • Virus scanner cascadable SMTP, POP3
  • Scan protocols: HTTP, HTTPS, FTP over HTTP, POP3, SMTP
  • Encrypted data scanned (SSL interception/bump)
  • Compromised data, archives (zip etc.) and attachments scanned
  • Manual and automatic updates


Antispam (AS):

  • Protocols SMTP, POP3
  • Authentication: Active directory, LDAP, local user database
  • Zero day protection
  • RBL lists (SMTP)
  • Black/whitelists
  • Greylisting (SMTP)
  • Regular expressions
  • SMTP gateway:
    • Greeting pause, protection against “recipient flooding”, Rate control
    • Greylisting with whitelists of email addresses and domains
    • Email address validation directly via SMTP protocol
  • Can be combined with content filter (blocking categories such as pornography etc.)



  • Transparent mode (HTTP, POP3)
  • Authentication: Active directory, LDAP, local user database
  • Integrated URL/content/web filter (see content/web filter)
  • Integrated antivirus system (see AV)
  • Integrated spam filter (see AS)
  • Group/time-controlled rules

Reverse proxy:

  • Reverse proxy for HTTP, HTTPS
  • Load balancing on internal server
  • Bandwidth management
  • Different filter options


Content/web filter: 

  • Content filter with 46 categories
  • Category-based website blocks
  • Authentication: active directory, local user database
  • Scan technology with online database
  • URL filter with import/export URL lists
  • Black/whitelists
  • File extension/MIME type filter
  • Advertising blocked (approx. 50% of adverts removed from websites)



  • Protection against DoS/dDoS attacks
  • Port scan protection
  • Invalid network packet protection
  • Automated warning (email etc.)


User authentication:

  • Complete active directory integration
  • Authentication against active directory for all VPN protocols, filters and proxies of UTM
  • And also radius authentication for VPN protocols PPTP/L2TP



  • Locally in the workplace, locally in UTM/VPN system, in SOC database and Securepoint Cloud
  • Automatic and time-based backups
  • Backups can be encrypted
  • Backups possible on. running system


One-time password (OTP):

  • Integrated one-time password server for high security two and three factor authentication


Mail connector:

  • Integrated for retrieving emails via POP3(S)/IMAP(S) and forwarding via SMTP
  • Increases spam detection and virus protection


Admin web interface:

Quick overview with dashboard and docking station
You use a web browser to access the admin web interface of the Securepoint NextGen UTM-Firewall. This is the central interface for managing the appliance. The admin interface has a monitoring overview for UTM that can be configured individually and it has a docking station. Here you can define views to meet your own personal requirements and thus display the most important information about UTM. Simple operation via the admin interface and the use of the setup wizard thus ensure a quick start-up.

User web interface:

User web interface: Example Clientless VPN
Clientless VPN allows VPN via the browser for RDP and VNC without additional plugins (a modern browser is required). There is no need for installation on the client for operation. The example used here is of a Windows operating system (Apple Mac OSX, Linux etc. also possible of course) in the browser.

Administration: Central configuration management, backups and monitoring with the Securepoint Operation Center
The Securepoint Operation Center is the central configuration and management solution for all of Securepoint’s UTM and VPN systems. The Operation Center allows you to centrally manage and automatically support any number of Securepoint UTM and VPN products. This is especially important if you have to manage large UTM and VPN infrastructures. The Securepoint Operation Center is available as a local desktop and server version that can be integrated into your central backup concept.


Please fill in any case from the fields marked with *.
CAPTCHA image for SPAM prevention If you can't read the word, click here.