Placing UserGate Devices under UGMC Management

A templates group always applies to one or more UserGate NGFW devices. The procedure for adding a managed device to UserGate Management Center consists of the following steps:

Name

Description

Step 1. Enable access to UGMC from the managed device.

On the UGMC server, allow the UserGate Management Center service in the zone to which the managed devices are connected. The UGMC server listens for managed device connections at TCP ports 2022 and 9712.

Data transfer between the UGMC server and managed devices occurs over an encrypted data link.

Step 2. Create a managed device object.

In the NGFW management ➜ NGFW devices section of the realm management console, click Add and provide the desired settings.

Step 3. Link the managed device object just created to a real UserGate NGFW device.

In the UserGate NGFW management console, set up the link between UGMC and the device. This can be done during the initial configuration of a UserGate NGFW or on an already configured NGFW. Both options are described in detail later in this chapter.

When creating a managed device object, provide the following settings:

Name

Description

Enabled

Enables the managed device object. When enabled, the managed device object takes up one license.

Name

The name of the managed device. The name can be arbitrary.

Description

Managed device description.

Templates group

The templates group whose settings should be applied to this managed device.

Sync mode

Select the mode used to synchronize the template group settings with the device. There are three options:

  • Auto sync: the sync is enabled. The settings are applied to the device. A change to any setting in any template of the template group applied to the managed device is propagated immediately to NGFW.

  • Disabled: sync mode is disabled.

  • Manual sync: in this sync mode the settings are applied once on clicking the Sync now button. This option is useful when many template settings need to be changed and applied to the device at once. In this case, you need to disable synchronization, make the desired changes to the templates, and then enable the Manual sync mode.

Regardless of the selected mode, you can start synchronization of all settings for the selected devices (in the NGFW Management ➜ NGFW Devices section click Actions ➜ Run full synchronization).

To enable MD-to-UGMC communication during the initial configuration of a UserGate NGFW, follow these steps:

Name

Description

Step 1. Copy the device code

In UGMC, select the managed device object you created and click Show device unique code. Copy the code to the clipboard.

Step 2. During the initial setup of the NGFW, select installation using UGMC

During the initial setup, at the step where the administrator login and password are set, select the link Configure by UGMC.

Step 3. Provide the desired settings for the new node and enter the unique device code

Specify the following settings:

  • GThe network settings for this UserGate NGFW (IP address, subnet mask, gateway). These settings will be applied to the specified interface. After configuring the network settings, the UGMC server must become accessible over the network from this NGFW.

  • The name and password for a local administrator.

  • The IP address of the UGMC server and the unique device code saved at the first step.

Step 4. Check the connection

After connecting to UGMC, the UserGate NGFW should receive all settings prepared for it in UGMC. In the NGFW, these settings are displayed with a lock icon, meaning that a local administrator cannot change them.

In the UGMC console, the managed device object will display additional information on the connected device, such as PIN code, serial number, license information, RAM usage, etc.

To enable MD-to-UGMC communication for an already configured NGFW, follow these steps:

Name

Description

Step 1. Copy the device code

In UGMC, select the managed device object you created and click Show device unique code. Copy the code to the clipboard.

Step 2. Specify the IP address of the UGMC server and enter the unique device code

In the General settings ➜ UGMC agent, select Configure, specify the IP address of the UGMC server, paste the unique device code, and enable this connection. The UGMC server must be accessible over the network from this NGFW for a successful completion of this step.

Step 3. Check the connection

After connecting to UGMC, the UserGate NGFW should receive all settings prepared for it in UGMC. In the NGFW, these settings are displayed with a lock icon, meaning that a local administrator cannot change them.

In the UGMC console, the managed device object will display additional information on the connected device, such as PIN code, serial number, license information, RAM usage, etc.

After the UserGate firewall has been successfully added to UGMC, the managed device administrator can do the following:

Name

Description

View advanced managed device state information

In the UGMC console, select the managed device object and click Show device details. The following information about the connected device will be displayed:

  • Device software version

  • Device PIN code

  • HSC serial number

  • Device uptime

  • Device load metrics such as CPU load, RAM usage, swap usage, and the number of users connected via the device.

Connect to the managed device console

In the UGMC console, select the managed device object and click Open console. The UserGate NGFW console will open in a new window.

Modify settings

In the UGMC console, modify the settings of a template from the template group applied to the managed device. The new settings will be applied to the UserGate NGFW.