admin-console
|
Admin console settings (settings general admin-console level):
-
timezone: time zone for your location. Used in rule schedules and for the correct display of time and date in reports, logs, etc.
-
language: interface language:
-
webaccess: web console authorization mode:
-
uc-profile: select the user certificate profile
-
web-ssl-profile: select an SSL profile to set up a secure channel to access the web console. For more details on SSL profiles, see Configuring SSL Profiles.
-
response-pages-ssl-profile: select an SSL profile to set up a secure channel to display web resource block pages and the Captive portal authorization page. For more details on SSL profiles, see Configuring SSL Profiles.
-
api-session-lifetime: admin session timeout in seconds.
|
server-time
|
Configure the exact time settings (settings general server-time level):
-
ntp-enabled: enable/disable the use of NTP servers:
-
primary-ntp-server: specify the primary ntp server.
-
second-ntp-server: specify a backup ntp server.
-
time: set server time (format: yyyy-mm-ddThh:mm:ss, e.g. 2022-02-15T12:00:00; UTC time zone).
|
modules
|
Configure UserGate modules (settings general modules level):
-
proxy-port: specify a non-standard port number for connecting to the built-in proxy server.
-
auth-captive: specify a service domain that UserGate uses to authorize users through the Captive portal.
-
logout-captive: specify a service domain that UserGate users use to end their session (logout).
-
block-page-domain: specify a service domain used to display the block page to users.
-
ftp-enabled: enable/disable the module that allows access to FTP server content from a user browser.
-
ftp-domain: specify a service domain to provide an FTP over HTTP connection to users.
-
tunnel-inspection-zone: select a tunnel inspection zone. You need to specify the following:
-
snmp-engine-id: configure SNMP Engine ID:
-
length <fixed | dynamic>: fixed (8 bytes max; only for text type) or dynamic (27 bytes max.) ID length.
-
type <ip4 | ip6 | mac | text | octets>: SNMP Engine ID format (IPv4, IPv6, MAC address, text, octets).
-
value: the ID value.
-
terminal-sever-agent: configure the password for terminal server agents.
-
lldp: configure the use of Link Layer Discovery Protocol (LLDP), which allows the network equipment operating in a local network to notify devices about its existence, send its characteristics to them, and receive similar information from them. These settings are required:
-
transmit-delay: how long the device will wait before sending advertisements to the neighbors after a change in the LLDP protocol's TLV parameter or the local system state (e.g., a changed hostname or management address). Specified in seconds and can take values from 1 to 3600.
-
transmit-hold: the hold multiplier. The transmit delay multiplied by the transmit hold determines the time to live (TTL) for LLDP packets. Can take values from 1 to 100.
|
cache
|
Configure the proxy server cache (settings general cache level):
-
caching-mode: enable/disable caching.
-
exclusions: the list of URLs that will not be cached. To remove exclusions, use the following command:
Admin@nodename# delete settings general cache exclusions [ <URL> ]
-
max-cacheable-size: maximum size of objects to be cached (in MB).
-
ram-size: RAM size allocated for caching (in MB).
|
log-analyzer
|
Log Analyzer module settings (settings general log-analyzer level):
|
proxy-portal
|
Settings to provide access to internal corporate resources through the web portal (settings general proxy-portal level):
-
enabled: enable/disable the web portal:
-
hostname: name of the host.
-
port: port.
-
auth-profile: select an authentication profile. For more details on configuring authentication profiles using the CLI, see the Configuring Authentication Profiles section.
-
auth-template: select an authentication response page.
-
portal-template: select a portal template.
-
enable-ldap: select an AD/LDAP domain for the authentication page:
-
use-captcha: show CAPTCHA:
-
ssl-profile: select an SSL profile. For more details on configuring authentication profiles using the CLI, see the section Configuring SSL Profiles.
-
certificate: select a certificate.
-
auth-mode: select the authentication method The following methods are available:
-
user-cert-profile: select the user certificate profile when using certificate-based authentication.
|
pcap
|
Admin@nodename# set settings general pcap packet-capture-mode <parameter> Configure packet capture (settings general pcap level):
|
change-tracker
|
Configure change tracker (settings general change-tracker level):
-
enabled: enable/disable change tracker.
-
event-tracker-types: change types are set by an administrator. To delete a change type, use the following command:
Admin@nodename# delete settings general change-tracker event-tracker-types [ type1 ... ]
|
management-center
|
Admin@nodename# set settings general management-center <parameters>
Configure UserGate Management Center agent (settings general management-center level):
-
enabled: enable/disable the UserGate Management Center agent.
-
mc-address: UserGate Management Center server address.
-
device-code: unique device code to connect to the UserGate Management Center.
|
updates-schedule
|
Configure the schedule to download software and library updates (settings general updates-schedule level).
To configure a schedule to update UserGate software, use the following command:
Admin@nodename# set settings general updates-schedule software schedule <schedule/disabled>
You can set up a single schedule to download library updates:
Admin@nodename# set settings general updates-schedule all-libraries schedule <schedule/disabled>
or an individual schedule for each item:
Admin@nodename# set settings general updates-schedule libraries [ lib-module ... ] schedule <schedule/disabled>
The time is set in the Crontab format: (minutes: 0-59) (hours: 0-23) (days of the month: 1-31) (month: 1-12) (days of the week: 0-6; where 0 is Sunday). You can set each field as follows:
-
An asterisk (*) denotes the entire range (from the first number to the last).
-
A dash (-) denotes a number range. For example, "5-7" means 5, 6, and 7.
-
Lists: comma-separated numbers or ranges. For example, "1,5,10,11" or "1-11,19-23".
-
An asterisk or range spacing: used for spacing out values in ranges. The increment is given after a slash. Examples: "2-10/2" means "2,4,6,8,10" while "*/2" in the "hours" field means "every two hours".
To view the update schedule, use the following command:
Admin@nodename# show settings general updates-schedule |
upstream-proxy
|
Configure HTTP redirection to an upstream proxy:
-
enabled: enable/disable traffic redirecting to an upstream proxy (on/off).
-
mode: the upstream proxy type (HTTP(S)/SOCKS5).
-
ip: the upstream proxy's IP address.
-
port: the upstream proxy's port.
-
auth: authentication with the upstream proxy (on/off).
-
name: the upstream proxy login name.
-
password: the upstream proxy password.
|