12.5.2. UserGate General Settings

You configure UserGate server general settings at the settings general level. This is the command structure to configure one of the sections (<settings-module>):

Admin@UGOS# set settings general <settings-module>

You can configure the following sections:

Parameter

Description

admin-console

Admin console settings (settings general admin-console level):

  • timezone: time zone for your location. Used in rule schedules and for the correct display of time and date in reports, logs, etc.

  • language: interface language:

    • ru: Russian.

    • en: English.

  • webaccess: web console authorization mode:

    • password: authorization using a login and a password.

    • cert: authorization using an X.509 certificate.

  • web-ssl-profile: select an SSL profile to set up a secure channel to access the web console. For more details on SSL profiles, see Configuring SSL profiles.

  • response-page-ssl-profile: select an SSL profile to set up a secure channel to display web resource block pages and the Captive portal authorization page. For more details on SSL profiles, see Configuring SSL profiles.

server-time

Configure the exact time settings (settings general server-time level):

  • ntp-enabled: enable/disable the use of NTP servers:

    • on.

    • off.

  • ntp-servers: specify NTP servers (primary and alternate):

    Admin@UGOS# set settings general server-time ntp-servers [ server1 ]

Admin@UGOS# set settings general server-time ntp-servers [ server1 server2 ]

  • time: set server time (format: yyyy-mm-ddThh:mm:ss, e.g. 2022-02-15T12:00:00; UTC time zone).

modules

Configure UserGate modules (settings general modules level):

  • proxy-port: specify a non-standard port number for connecting to the built-in proxy server.

  • auth-captive: specify a service domain that UserGate uses to authorize users through the Captive portal.

  • logout-captive: specify a service domain that UserGate users use to end their session (logout).

  • block-page-domain: specify a service domain used to display the block page to users.

  • ftp-enabled: enable/disable the module that allows access to FTP server content from a user browser.

  • ftp-domain: specify a service domain to provide an FTP over HTTP connection to users.

  • zone-enabled: enable/disable the tunnel inspection zone:

    • on.

    • off.

  • tunnel-inspection-zone: select a tunnel inspection zone.

  • snmp-engine-id: configure SNMP Engine ID:

    • length <fixed | dynamic>: fixed (8 bytes max; only for text type) or dynamic (27 bytes max.) ID length.

    • type <ip4 | ip6 | mac | text | octets>: SNMP Engine ID format (IPv4, IPv6, MAC address, text, octets).

    • value: ID value.

  • terminal-sever-agent password: configure the password for terminal server agents.

  • lldp: configure the use of Link Layer Discovery Protocol (LLDP), which allows the network equipment operating in a local network to notify devices about its existence, send its characteristics to them, and receive similar information from them. These settings are required:

    • transmit-delay: how long the device will wait before sending advertisements to the neighbors after a change in the LLDP protocol's TLV parameter or the local system state (e.g., a changed hostname or management address). Specified in seconds and can take values from 1 to 3600.

    • transmit-hold: the hold multiplier. The transmit delay multiplied by the transmit hold determines the time to live (TTL) for LLDP packets. Can take values from 1 to 100.

cache

Configure the proxy server cache (settings general cache level):

  • caching-mode: enable/disable caching.

    • on.

    • off.

  • exclusions: list of URLs that will not be cached. To remove exclusions, use the following command:

    Admin@UGOS# delete settings general cache exclusions [ <URL> ]

  • max-cacheable-size: maximum size of objects to be cached (in MB).

  • ram-size: RAM size allocated for caching (in MB).

log-analyzer

Log Analyzer module settings (settings general log-analyzer level):

  • use-local-stat-server: use the local Log Analyzer:

    • on.

    • off.

proxy-portal

Settings to provide access to internal corporate resources through the web portal (settings general proxy-portal level):

  • enabled: enable/disable the web portal:

    • on.

    • off.

  • hostname: name of the host.

  • port: port number.

  • auth-profile: select an authentication profile. For more details on configuring authentication profiles using the CLI, see the section Configuring authentication profiles.

  • auth-template: select an authentication response page.

  • portal-template: select a portal template.

  • enable-ldap: select an AD/LDAP domain for the authentication page:

    • on.

    • off.

  • use-captcha: show CAPTCHA:

    • on.

    • off.

  • ssl-profile: select an SSL profile. For more details on configuring profiles using the CLI, see the section Configuring SSL profiles.

  • certificate: select a certificate.

  • auth-by-cert: enable/disable user authentication using a certificate:

    • on.

    • off.

pcap

Configure packet capture (settings general pcap level):

  • type: capture type:

    • no-capture: no capture.

    • one-packet: one packet.

    • previous: previous packets.

    • previous-and-following: previous and following packets.

  • previous-packets: number of previous packets (from 4 to 30).

  • previous-packets: number of following packets (from 2 to 15).

change-tracker

Configure change tracker (settings general change-tracker level):

  • enabled: enable/disable change tracker.

    • on.

    • off.

  • event-tracker-types: change types are set by an administrator. To delete a change type, use the following command:

    Admin@UGOS# delete settings general change-tracker event-tracker-types [ type1 ... ]

management-center

Configure UserGate Management Center agent (settings general management-center level):

  • enabled: enable/disable the UserGate Management Center agent.

    • on.

    • off.

  • mc-address: UserGate Management Center server address.

  • device-code: unique device code to connect to the UserGate Management Center.

updates-schedule

Configure the schedule to download software and library updates (settings general updates-schedule level).

To configure a schedule to update UserGate software, use the following command:

Admin@UGOS# set settings general updates-schedule software-updates schedule advanced

You can set up a single schedule to download library updates:

Admin@UGOS# set settings general updates-schedule libraries-updates all schedule advanced

or an individual schedule for each item:

Admin@UGOS# set settings general updates-schedule libraries-updates [ lib-module ... ] schedule advanced

Time is set in crontab format: (minutes: 0-59) (hours: 0-23) (days of the month: 1-31) (month: 1-12) (days of the week: 0-6; 0 is Sunday). You can set each field as follows:

  • An asterisk (*): denotes the entire range (from the first number to the last).

  • A dash (-): denotes a number range. For example, "5-7" means 5, 6, and 7.

  • Lists: comma-separated numbers or ranges. For example, "1,5,10,11" or "1‑11,19-23".

  • An asterisk or range spacing. Used for spacing out values in ranges. The increment is given after a slash. Examples: "2-10/2" means "2,4,6,8,10" while "*/2" in the "hours" field means "every two hours".

To view the update schedule, use the following command:

Admin@UGOS# show settings general updates-schedule