UserGate General Settings

You configure UserGate server general settings at the settings general level. This is the command structure to configure one of the sections (<settings-module>):

Admin@nodename# set settings general <settings-module>

You can configure the following sections:

Parameter

Description

admin-console

Admin console settings (settings general admin-console level):

  • timezone: time zone for your location. Used in rule schedules and for the correct display of time and date in reports, logs, etc.

  • language: interface language:

    • ru: Russian

    • en: English

  • webaccess: web console authorization mode:

    • password: authentication using a login and a password

    • cert: authentication by X.509 certificate

  • uc-profile: select the user certificate profile

  • web-ssl-profile: select an SSL profile to set up a secure channel to access the web console. For more details on SSL profiles, see Configuring SSL Profiles.

  • response-pages-ssl-profile: select an SSL profile to set up a secure channel to display web resource block pages and the Captive portal authorization page. For more details on SSL profiles, see Configuring SSL Profiles.

  • api-session-lifetime: admin session timeout in seconds.

server-time

Configure the exact time settings (settings general server-time level):

  • ntp-enabled: enable/disable the use of NTP servers:

    • on

    • off

  • primary-ntp-server: specify the primary NTP server.

  • second-ntp-server: specify a backup NTP server.

  • time: set server time (format: yyyy-mm-ddThh:mm:ss, e.g. 2022-02-15T12:00:00; UTC time zone).

modules

Configure UserGate modules (settings general modules level):

  • proxy-port: specify a non-standard port number for connecting to the built-in proxy server.

  • auth-captive: specify a service domain that UserGate uses to authorize users through the Captive portal.

  • logout-captive: specify a service domain that UserGate users use to end their session (logout).

  • block-page-domain: specify a service domain used to display the block page to users.

  • ftp-enabled: enable/disable the module that allows access to FTP server content from a user browser.

  • ftp-domain: specify a service domain to provide an FTP over HTTP connection to users.

  • tunnel-inspection-zone: select a tunnel inspection zone. You need to specify the following:

    • enabled: enable/disable the zone

    • name: specify the zone name

  • snmp-engine-id: configure SNMP Engine ID:

    • length <fixed | dynamic>: fixed (8 bytes max; only for text type) or dynamic (27 bytes max.) ID length.

    • type <ip4 | ip6 | mac | text | octets>: SNMP Engine ID format (IPv4, IPv6, MAC address, text, octets).

    • value: the ID value.

  • terminal-sever-agent: configure the password for terminal server agents.

  • lldp: configure the use of Link Layer Discovery Protocol (LLDP), which allows the network equipment operating in a local network to notify devices about its existence, send its characteristics to them, and receive similar information from them. These settings are required:

    • transmit-delay: how long the device will wait before sending advertisements to the neighbors after a change in the LLDP protocol's TLV parameter or the local system state (e.g., a changed hostname or management address). Specified in seconds and can take values from 1 to 3600.

    • transmit-hold: the hold multiplier. The transmit delay multiplied by the transmit hold determines the time to live (TTL) for LLDP packets. Can take values from 1 to 100.

cache

Configure the proxy server cache (settings general cache level):

  • caching-mode: enable/disable caching.

    • on

    • off

  • exclusions: the list of URLs that will not be cached. To remove exclusions, use the following command:

    Admin@nodename# delete settings general cache exclusions [ <URL> ]

  • max-cacheable-size: maximum size of objects to be cached (in MB).

  • ram-size: RAM size allocated for caching (in MB).

log-analyzer

Log Analyzer module settings (settings general log-analyzer level):

  • use-local-stat-server: use the local Log Analyzer:

    • on

    • off

proxy-portal

Settings to provide access to internal corporate resources through the web portal (settings general proxy-portal level):

  • enabled: enable/disable the web portal:

    • on

    • off

  • hostname: name of the host.

  • port: port.

  • auth-profile: select an authentication profile. For more details on configuring authentication profiles using the CLI, see the Configuring Authentication Profiles section.

  • auth-template: select an authentication response page.

  • portal-template: select a portal template.

  • enable-ldap: select an AD/LDAP domain for the authentication page:

    • on

    • off

  • use-captcha: show CAPTCHA:

    • on

    • off

  • ssl-profile: select an SSL profile. For more details on configuring SSL profiles using the CLI, see the section Configuring SSL Profiles.

  • certificate: select a certificate.

  • auth-mode: select the authentication method. The following methods are available:

    • aaa: authenticate local users via login/password or authenticate users on the AAA server.

    • pki: X.509 certificate-based authentication.

  • user-cert-profile: select the user certificate profile when using certificate-based authentication.

pcap

Admin@nodename# set settings general pcap packet-capture-mode <parameter>

Configure packet capture (settings general pcap level):

  • no-capture: no capture.

  • one-packet: one packet.

  • previous: previous packets.

  • previous-and-following: previous and following packets.

    • previous-packets: number of previous packets (from 4 to 30).

    • previous-packets: number of following packets (from 2 to 15).

change-tracker

Configure change tracker (settings general change-tracker level):

  • enabled: enable/disable change tracker.

    • on

    • off

  • event-tracker-types: change types are set by an administrator. To delete a change type, use the following command:

    Admin@nodename# delete settings general change-tracker event-tracker-types [ type1 ... ]

management-center

Admin@nodename# set settings general management-center <parameters>

Configure UserGate Management Center agent (settings general management-center level):

  • enabled: enable/disable the UserGate Management Center agent.

    • on

    • off

  • mc-address: UserGate Management Center server address.

  • device-code: unique device code to connect to the UserGate Management Center.

updates-schedule

Configure the schedule to download software and library updates (settings general updates-schedule level).

To configure a schedule to update UserGate software, use the following command:

Admin@nodename# set settings general updates-schedule software schedule <schedule/disabled>

You can set up a single schedule to download library updates:

Admin@nodename# set settings general updates-schedule all-libraries schedule <schedule/disabled>

or an individual schedule for each item:

Admin@nodename# set settings general updates-schedule libraries [ lib-module ... ] schedule <schedule/disabled>

The time is set in the Crontab format: (minutes: 0-59) (hours: 0-23) (days of the month: 1-31) (month: 1-12) (days of the week: 0-6; where 0 is Sunday). You can set each field as follows:

  • An asterisk (*) denotes the entire range (from the first number to the last).

  • A dash (-) denotes a number range. For example, "5-7" means 5, 6, and 7.

  • Lists: comma-separated numbers or ranges. For example, "1,5,10,11" or "1-11,19-23".

  • Increments: an increment given after a slash (/) spaces out the values of an asterisk or a range. Examples: "2-10/2" means "2,4,6,8,10" while "*/2" in the "hours" field means "every two hours".
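
The field rules above, applied as an added example (not UserGate code; the function names expand_field and expand_schedule are hypothetical): it checks a five-field schedule string against the listed ranges and expands each field into the values it selects, so a schedule can be reviewed before it is set. It covers the Crontab form only.

```python
# Field names and ranges as listed on this page (day of the week 0 is Sunday).
FIELDS = [
    ("minutes", 0, 59),
    ("hours", 0, 23),
    ("days of the month", 1, 31),
    ("month", 1, 12),
    ("days of the week", 0, 6),
]


def expand_field(text, lo, hi, name="field"):
    """Expand one crontab field into the sorted list of values it selects."""
    values = set()
    for item in text.split(","):
        base, slash, step_text = item.partition("/")
        if slash and not step_text.isdecimal():
            raise ValueError(f"{name}: bad increment in {item!r}")
        step = int(step_text) if slash else 1
        if base == "*":
            start, end = lo, hi
        else:
            first, dash, last = base.partition("-")
            if not first.isdecimal() or (dash and not last.isdecimal()):
                raise ValueError(f"{name}: not a number or range: {item!r}")
            start, end = int(first), int(last) if dash else int(first)
            if slash and not dash:
                # The page defines increments only for an asterisk or a range.
                raise ValueError(f"{name}: increment needs a range: {item!r}")
        if step < 1 or not lo <= start <= end <= hi:
            raise ValueError(
                f"{name}: {item!r} has a zero increment or is outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return sorted(values)


def expand_schedule(schedule):
    """Validate a five-field schedule; return {field name: selected values}."""
    parts = schedule.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return {name: expand_field(part, lo, hi, name)
            for part, (name, lo, hi) in zip(parts, FIELDS)}


if __name__ == "__main__":
    # Constructed sample: minute 0 of every second hour, Monday to Friday.
    for name, values in expand_schedule("0 */2 * * 1-5").items():
        print(f"{name}: {values}")
```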

To view the update schedule, use the following command:

Admin@nodename# show settings general updates-schedule

upstream-proxy

Configure HTTP redirection to an upstream proxy:

  • enabled: enable/disable redirecting traffic to an upstream proxy (on/off).

  • mode: the upstream proxy type (HTTP(S)/SOCKS5).

  • ip: the upstream proxy's IP address.

  • port: the upstream proxy's port.

  • auth: authentication with the upstream proxy (on/off).

  • name: the upstream proxy login name.

  • password: the upstream proxy password.