Administration
From Halon Security
This document is about the Web Administration section Administration. It has three tabs; Users, Interfaces and Remote Systems. All these tabs are associated with the administration of this, and other, appliances. Since the built-in web server is controlled from here (the Interfaces tab), services that uses the web server (such as the Mail Gateway Quarantine) are added from there as well.
Contents |
Users
The users are most importantly used to configure the appliance; either via the Web Administration, or directly using the SOAP API. They can also be used to access the FTP interface (for uploading files), the SSH, RS-232 and VMware console (for basic configuration). Finally, these users are global administrators of the Mail Gateway Quarantine; meaning that they can see, and handle, all messages in the quarantine.
Pressing the Advanced Options check-box on the Users tab allows you to modify a user's permissions. If no access level (flags) are set, the user has full access. You may combine all flags as you like. A user cannot change his own flags.
| Flag | Description |
|---|---|
| r | Configuration Read |
| w | Configuration Write (Implicit) |
| f | FTP |
| q | Quarantine |
Interface
The interface tab controls the administrational interfaces, such as the SSH (secure shell terminal) console, the FTP access service, and most importantly; the Web (HTTP) interface. The web interface does not only serve the Web Administration, but also the SOAP API and Mail Gateway Quarantine.
Secure Shell (SSH)
The SSH interface gives access to the console. It can be useful for looking at logs in real-time, if syslog is unavailable. The interface listens to port 22, and can be connected to using an SSH client like OpenSSH [1] or PuTTY [2]. To block SSH access, choose an IP Policy that blocks everything. By default, there is an IP Policy called "Block All".
It is recommended that you generate a new, unique, SSL certificate.
File Transfer (FTP)
In order to upload files (such as white-lists, logotypes for quarantine branding et cetera) the FTP interface is used. It listens to port 21, and can be access by authenticating as administrational users with the FTP (f) permission flag. To block FTP access, choose an IP Policy that blocks everything. By default, there is an IP Policy called "Block All".
Web Interface (HTTP)
There are two types of web interfaces;
- Administration interfaces, that provides the Web Administration as well as the SOAP API.
- Quarantine interfaces, that provides end-user quarantine and queue management.
As with other services; an interface is defined by a listening port and address, which has to be unique. If you are unable to connect to a newly added web interface, try changing the port. You might have created a conflict by using the same address/port combination for two services. For example, choosing port 22 will not work, as it is used by the SSH interface. To limit web (HTTP) access to just a few address, create an IP Policy flow doing that, and choose that IP Policy for the interface.
It is recommended that you generate a new, unique, SSL certificate.
Syslog
Syslog is one of the most useful tools for debugging and monitoring an H/OS appliance, since the appliance itself contains limited space for logging and history. By using external an external Syslog server, one can have almost unlimited logging traceability. Enabling Syslog is as easy as:
- Deploy a Syslog server
- Type the IP address of your Syslog server into the Address field
- Press Save as New.
Using Syslog also provides for better performance; if internal logging and history is disabled. Please see the performance section.
SNMP
Read our extended guide on how to deploy SNMP.
