Configuring diagnostics
At the settings radmin level, you can enable or disable remote access to the server for the UserGate technical support (Radmin). To enable/disable Radmin, use the following command:
Admin@nodename# set settings radmin enabled <on | off>
To view the Radmin state, use the following command:
Admin@nodename# show settings radmin
The server diagnostics settings that the technical support team needs for troubleshooting are set at the settings loglevel level. You can use the following command to set the desired diagnostic details level (disabled; errors only; errors and warnings; errors, warnings, and additional information; maximum level of detail):
Admin@nodename# set settings loglevel value <off | error | warning | info | debug>
To view the status of the diagnostics detail level, use the following command:
Admin@nodename# show settings loglevel
value : error
Configuring radmin emergency
To activate the remote assistant when a problem with the node's core software arises, the administrator can log in to the CLI using the root administrator account created when UserGate was initialized. Usually, this is the Admin account; however, it is not always so. To log in, specify the name as Admin@emergency and use the root administrator password as the password. To enable/disable remote access to the server for technical support in such cases, use the following command:
Admin@nodename# set radmin-emergency enabled <on | off>
Parameter | Description |
---|---|
interface | The interface name. |
ip-addr | Interface IP address and mask. |
gateway-address | Gateway IP address. |
Configuring server operations
To set an update channel, use the following command:
Admin@nodename# set settings device-mgmt updates-channel <stable | beta>
To view any updates and the selected update channel, use the following command:
Admin@nodename# show settings device-mgmt updates-channel
System backup management
A device backup is created at the settings device-mgmt level. To create a backup rule and upload files to external FTP/SSH servers, use the following command:
Admin@nodename# create settings device-mgmt settings-backup <parameters>
The available parameters include:
Parameter | Description |
---|---|
enabled | Enable/disable the device backup rule. |
name | The name of the backup rule. |
description | A description of the backup rule. |
type | Select a remote server to export files: |
address | Remote server IP address. |
port | Port: |
login | Remote server login name. |
password | Password for the login name. |
path | Directory path to upload the files to. |
schedule | The backup file export schedule. The time is set in the Crontab format: (minutes: 0-59) (hours: 0-23) (days of the month: 1-31) (month: 1-12) (days of the week: 0-6; where 0 is Sunday). You can set each field as follows: |
To edit an existing UserGate device backup rule, use the following command:
Admin@nodename# set settings device-mgmt settings-backup <rule-name>
You can use the same set of parameters as when creating rules.
To delete a backup rule:
Admin@nodename# delete settings device-mgmt settings-backup <rule-name>
To display a backup rule:
Admin@nodename# show settings device-mgmt settings-backup <rule-name>
In the rule edit, delete, or display commands, <filter> can include the parameters specified in an existing rule in addition to the rule name (this can be helpful if there are multiple rules with the same name). Parameters used to identify an export rule are similar to those of the set command.
Settings Export
You create and configure export settings rules at the settings device-mgmt settings-export level.
To create an export settings rule, use the following command:
Admin@nodename# create settings device-mgmt settings-export ( <parameters> )
Available parameters:
Parameter | Description |
---|---|
enabled | Enable/disable an export settings rule for the UserGate server. |
name | Export rule name. |
description | Export rule description. |
type | Select a remote server to export settings: |
address | Remote server IP address. |
port | Port: |
login | Remote server login name. |
password | Password for the login name. |
path | Directory path to upload the settings to. |
schedule | Schedule for settings export. The time is set in the Crontab format: (minutes: 0-59) (hours: 0-23) (days of the month: 1-31) (month: 1-12) (days of the week: 0-6; where 0 is Sunday). You can set each field as follows: |
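The schedule parameter of both the backup rules and the settings export rules uses the same five-field format, so a schedule string can be checked before it is placed in a rule. The following is an added example, not part of the UserGate documentation or CLI: it validates each field against the ranges given above and expands it to the values it matches. The per-field syntax it accepts (`*`, single values, ranges, comma lists, `/step`) is assumed to be standard crontab syntax, and all function names and sample schedules are constructed for illustration.

```python
import re

# Field order and ranges as stated in the schedule description: 0 is Sunday.
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("day-of-month", 1, 31),
          ("month", 1, 12), ("day-of-week", 0, 6)]
# Assumed per-field syntax (standard crontab): *, N, N-M, lists, and /step.
PART = re.compile(r"(\*|(\d+)(?:-(\d+))?)(?:/(\d+))?", re.ASCII)


def expand_field(expr, lo, hi):
    """Return the sorted values one field matches; raise ValueError if invalid."""
    values = set()
    for part in expr.split(","):
        m = PART.fullmatch(part)
        if not m:
            raise ValueError(f"malformed field part: {part!r}")
        base, first, last, step = m.groups()
        if base == "*":
            start, end = lo, hi
        else:
            start = int(first)
            end = int(last) if last else start
            if step and not last:
                raise ValueError(f"step needs '*' or a range: {part!r}")
        step = int(step) if step else 1
        if step < 1 or not lo <= start <= end <= hi:
            raise ValueError(f"{part!r} is outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return sorted(values)


def parse_schedule(schedule):
    """Expand a five-field schedule string into {field name: [values]}."""
    parts = schedule.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return {name: expand_field(p, lo, hi)
            for p, (name, lo, hi) in zip(parts, FIELDS)}


def runs_per_day(schedule):
    """Number of exports on a day that matches the date fields."""
    s = parse_schedule(schedule)
    return len(s["minute"]) * len(s["hour"])


if __name__ == "__main__":
    for sample in ("0 3 * * 0", "*/15 0-6 1,15 * 1-5", "0 3 * * 7"):  # constructed
        try:
            print(sample, "->", parse_schedule(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

A day-of-week value of 7 is rejected here because the range stated above is 0-6 with 0 as Sunday, although some cron implementations accept 7 for Sunday.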
To update an existing rule to export UserGate server settings, use the following command:
Admin@nodename# set settings device-mgmt settings-export <rule-name>
You can use the same set of parameters as when creating rules.
To delete a rule to export settings, use the following command:
Admin@nodename# delete settings device-mgmt settings-export <rule-name>
To display a rule to export settings, use the following command:
Admin@nodename# show settings device-mgmt settings-export <rule-name>
For update, delete or display rule commands, you can set <filter> not only to the rule name, but also to the parameters specified in an existing rule (this may be helpful if there is more than one rule with the same name). Parameters used to identify an export rule are similar to those of the set command.
Settings for protecting configuration data from changes
To configure settings for protecting product configuration data (settings) from being changed, use the following command:
Admin@nodename# set settings change-control config <off | log | block>
Configuration data integrity is checked every few minutes after UserGate boots.
- log: enable configuration change tracking. If any changes are detected, UserGate records this information in the event log. A password is required which will be used to change the tracking mode.
- off: disable configuration change tracking. Requires the password that was set when enabling the configuration change tracking.
- log: enable the tracking of unauthorized changes in executable code. A password is required which will be used to change the tracking mode. If any changes are detected, UserGate records this information in the event log and creates a firewall blocking rule that denies any transit traffic through UserGate.
Before enabling configuration data protection, the administrator configures the product according to the organization's requirements and then "freezes" the settings (log or block mode). Any setting change through the web interface, CLI, or other means will result in logging and/or blocking of transit traffic, depending on the selected mode.
To view the current configuration data protection mode, use the following command:
Admin@nodename# show settings change-control config
Protect executable files from changes
To configure settings to protect product executable code from potential unauthorized modification, use the following command:
Admin@nodename# set settings change-control code <off | log | block>
Executable code integrity is checked every few minutes after UserGate boots.
- block: enable configuration change tracking. If any changes are detected, UserGate records this information in the event log. A password is required which will be used to change the tracking mode.
- off: disable the tracking of unauthorized changes in executable code. Requires the password that was set when enabling the executable code change tracking.
- block: enable the tracking of unauthorized changes in executable code. A password is required which will be used to change the tracking mode. If any changes are detected, UserGate records this information in the event log and creates a firewall blocking rule that denies any transit traffic through UserGate. To disable an existing firewall rule you need to disable tracking of unauthorized changes.
To view the current executable file protection mode, use the following command:
Admin@nodename# show settings change-control code
Configuring Accelerated Network Traffic Processing Mode
To enable/disable the accelerated traffic processing mode, use the command:
Admin@nodename# set settings fastpath enabled <on | off>
To view the settings for the accelerated traffic processing mode, use the command:
Admin@nodename# show settings fastpath