Basic network configuration is performed in this section. Any changes made to this section are applied and saved by clicking on the Save" button.
| Hostname Input field |
Domain name of the Web Security Manager Web application firewall.
|
| Default gateway Input field |
IP address of the default gateway.
|
| DNS server(s) Input field |
IP address of one or more DNS servers.
|
| SMTP server Input field |
SMTP server hostname or IP address. SMTP server is used for sending alert e-mails to the contact e-mail address specified.
|
| Syslog server Input field |
External syslog server hostname or IP address. Proxies with external syslog alert enabled will send syslog alerts to the specified server. Syslog messages are sent to
|
Define static routes.
Click and enter route information for each route you want to add.
When routes are entered click in lower button bar to save.
| Destination Input field |
The route destination. Enter first IP address of destination network.
|
| Subnet Input field |
Network mask of the destination IP address.
|
| Gateway Input field |
IP address of the gateway through which the destination can be reached.
|
The examples above would result in:
Access to IP addresses 192.168.5.0-255 (192.168.5.0/24) is routed through the gateway 192.168.0.4.
Access to IP addresses 192.168.6.8-16 (192.168.6.8/29) is routed through the gateway 192.168.0.5.
Access to IP address 192.168.7.10 (192.168.7.10/32) is routed through the gateway 192.168.0.6.
Configure threshold level and address of external Syslog server.
| Syslog server Input field |
External syslog server hostname or IP address. Proxies with external syslog alert enabled will send syslog alerts to the specified server. Syslog messages are sent to
|
| Attack | Local3 |
| Audit | auth |
| Proxy |
|
| Learner |
|
| Backup |
|
| WebGUI |
|
| Daemon | Local1 |
| Syslog |
Other facilities |
| Error |
All facilities with informational level |
See Section 5, “Logs” for a description of the log mentioned above.
Configure threshold level and address of external Syslog server.
| Enable SNMP queries Check box |
Enable or disable SNMP daemon. If checked, Web Security Manager will accept SNMP queries on the first of the IP addresses to which management is bound. |
| Public community Input field |
Public community password. The read-only community password.
|
| System location Input field |
Information about the system.
|
| Listening on Read only |
If SNMP is enabled will display the IP address the SNMP daemon is listening on. |
This section is used for configuration of time synchronization via NTP (Network Time Protocol).
It is strongly advised to configure an NTP server in order to have the correct date and time set on the system.
It is recommended to configure an internal NTP interface. If one is not available, a well-known NTP server time.nist.gov can be used. Also, have a look at www.ntpd.org for a more detailed list of NTP servers available for free on the Internet.
| NTP server Input field |
IP address or hostname of an NTP server. Remember to set up at least one DNS server if you enter a hostname here.
|
| Timezone Drop down list |
Timezone information. Select the systems timezone from the drop down menu.
|
| Date format Drop down list |
Display dates in logs and reports in Month-Day-Year or Day-Month-Year format. Select the date format from the drop down menu.
|
Update notifications, attack alerts and system errors can be sent by email to the admin contact email address.
| Contact Input field |
E-mail address of the administrative contact. All alert e-mails and notifications are sent to this address. You need to define an SMTP server before any e-mails are sent.
|
| Sender domain Input field |
The e-mail address domain. If not configured it will be extracted from the contact e-mail.
|
Critical events or conditions are logged both locally and to external syslog server (if enabled). However if an external syslog server is not available (or is not monitored) a subset of (potentially) critical alerts can be sent to the designated admin contact email.
| Email system error messages to admin contact Check box |
Enable or disable sending of error messages altogether. If checked, selected alert types will be sent. |
| Disk and memory Check box |
If checked, disk and memory related errors at log level ERROR and CRITICAL will be sent. |
| Cluster interface events Check box |
If checked, cluster interface related errors at log level ERROR and CRITICAL will be sent. The most common cluster interface event is STATE TRANSITION which, when sent by the slave node in a cluster, indicates that the master node is either down (backup > master) or has resumed operation (master > backup). When the nodes in a cluster are powered on/off or rebooted state transition messages are also logged to the syslog error log and may generate email alerts. |
| Administrative daemons Check box |
If checked, any error at log level ERROR and CRITICAL from administrative daemons will be sent. |
Configure forward proxy to be used by the update system when connecting to the update server.
| Use proxy for outbound HTTP Check box |
Enable or disable the configured forward proxy. |
| Proxy address Input field |
The address of the forward proxy
|
| Proxy port Input field |
Proxy port number
|
| Forward proxy authentication required Check box |
Enable if forward proxy requires authentication. |
| Username Input field |
User name used for authenticating to the Proxy.
|
| password Input field |
Password to authenticate the proxy user. |
This section is used to configure an FTP/SCP server used for automated configuration backup/restore of Web Security Manager configuration.
| FTP server Input field |
FTP hostname or IP address.
|
| FTP port Input field |
FTP server port number
|
| Login Input field |
Username used for login. FTP account used must be able to store files on the remote FTP server.
|
| Password Input field |
Password used for SCP login.
|
| Remote directory Input field |
Full path to directory on FTP server used for storing Web Security Manager related files.
|
| SCP server Input field |
SCP hostname or IP address.
|
| SCP port Input field |
SCP server port number
|
| Login Input field |
Username used for login. SCP account used must be able to store files on the remote SCP server.
|
| SCP key Button |
Click to download key used for authentication. Make sure to add this key to the authorized keys list on the remote server. |
| Remote directory Input field |
Full path to directory on SCP server used for storing Web Security Manager related files.
|
| Remote directory Input field |
Full path to directory on SCP server used for storing Web Security Manager related files.
|
Auto-backup, if enabled, is performed daily at 03:00 AM based on your current timezone settings.
| Enable FTP auto-backup Check box |
Enable or disable FTP auto-backup. If checked, automated FTP configuration backup will be active. |
| Enable SCP auto-backup Check box |
Enable or disable SCP auto-backup. If checked, automated SCP configuration backup will be active. |
The remote support feature allows for configuring Web Security Manager to allow requests from Alert Logic to port 22 on any of the systems ip addresses.
When enabled Alert Logic Support can connect to the underlying OS in order to help diagnose and troubleshoot problems.
Only requests originating from an Alert Logic support IP address will be redirected.
| Enable SSH access to management IPs Check box |
Enable or disable ssh access to management IPs. If checked, Web Security Manager will allow ssh connections to the same IP addresses as the GUI is bound to. |
| Enable remote support and monitoring from Alert Logic
Check box |
Enable or disable remote support access. If checked, requests from Alert Logic to port 22 on any of the systems interfaces will be allowed. |
To view detailed settings and verify that remote support is disabled use the system remotesupport status command in the CLI (Section 2.22, “system remotesupport”).
If remote support is enabled the system will display a warning on the console when booted.
Manage password requirements, session and login restrictions and SSL certificate.
| Minimum length Input field |
Minimum password length in number of characters
|
| Letter characters required Check box |
Require one or more letter character, a-z + international. |
| One or more digits (0-9) required Check box |
Require one or more digits. |
| Combination of upper and lower case required Check box |
Require a combination of upper and lower case characters. |
| Non alphanumeric characters required Check box |
Require one or more special (non-alphanumeric) characters. |
| Idle timeout Input field |
Number of seconds the management GUI can be idle before the user is logged out.
|
| Failed login delay Input field |
Number of seconds to wait after a failed login attempt before a new attempt can be made.
|
| Failed logins limit Input field |
Number of failed login attempts allowed before the failed login action is taken.
|
| Failed logins action Dropdown |
What to do if a user exceeds the failed logins limit. Options:
|
| Notify user on lockout and suspend Check box |
If enabled, user will receive an error message in the login page if the account has been locked or suspended. |
| Suspend inactive accounts Check box |
Enable suspending of accounts that has not been active for a specified duration. |
| Account inactivity threshold Input field |
Number of days a user account can be inactive before it is automatically suspended.
|
Management GUI SSL certificates can either be self signed or imported certificates.
In the SSL certificate section the current SSL certificate in use is displayed. To upload a new certificate click the button.
To generate a self signed certificate enter the certificate information in the input fields.
Click in the lower button pane.
If the certicifate is in the PKCS12 format follow the guidelines below:
Enter the path to the certificate file in the PKCS12 file input field.
Enter Passphrase in the Passphrase input field.
Click in the lower button pane.
If Validate certificate chain is enabled Web Security Manager will validate and order the chain certificates.
If the certificate is in the PEM format follow the guidelines below:
Open the .PEM file in a text-editor. Copy the public certificate section of the certificate.
The public key/certificate is the section of the certificate file between (and including) the certificate start and end tags. Example:
-----BEGIN CERTIFICATE----- Certificate characters -----END CERTIFICATE-----
Select Import SSL certificate In the Web Security Manager management interface
Paste the SSL public key/certificate into the SSL-certificate field.
Now copy the (SSL) private key section of the certificate. The (SSL) private key is the section of the certificate file between (and including) the private key start and end tags. Example:
-----BEGIN RSA PRIVATE KEY----- Private key characters -----END RSA PRIVATE KEY-----
Enter the passphrase for the private key in the passphrase field (if the original private key was encrypted).
If a certificate authority chain is provided with your certificate enter the entire list of certificates (more than one certificate may be provided) in the SSL authority certificate(s) chain field
If Validate certificate chain is enabled Web Security Manager will validate and order the chain certificates.