User Interface settings

The User Interface settings are used for configuring the local user interface on a Web Gateway appliance. This includes the configuration of ports, the logon page, a certificate for communication under HTTPS, and other items.

UI Access

Settings for configuring access to the interface of an appliance

Table 1: UI Access
Option Definition
HTTP connector

Provides options for configuring access to the interface of an appliance under HTTP.

  • Enable local user interface over HTTP — When selected, the HTTP ports that are configured on an appliance for connecting to the interface are enabled.

  • HTTP connector — Specifies an HTTP port for connecting to the interface.

    You can enter more than one port here, separating entries by commas. Ports can range from 1024 to 65335.

    Together with a port, you can enter an IP address. This means connecting to the interface of an appliance over this port requires that you specify both the port and this IP address.

    For example, there are two interfaces for connecting on an appliance with these IP addresses:

    eth0: 192.168.0.10, eth1: 10.149.110.10

    You enter this under HTTP connector:

    4711, 192.168.0.10:4722

    Then connecting to a file server on the appliance over port 4711 is allowed using both IP addresses, whereas connecting over port 4722 requires that IP address 192.168.0.10 is used.

    Restricting connections in this way might be useful, for example, if you want to set up an intranet.

  • Enable REST interface over HTTP — When selected, you can use the HTTP ports that are configured to connect to the REST interface.

HTTPS connector

Provides options for configuring access to the interface of an appliance under HTTPS.

  • Enable local user interface over HTTPS — When selected, the HTTP ports that are configured on an appliance for connecting to the interface are enabled.

  • HTTPS connector — Specifies an HTTPS port for connecting to the interface.

    You can enter more than one port here, separating entries by commas. Ports can range from 1024 to 65335.

    Entering a port together with an IP address can be done in the same way as under HTTP connector and has the same meaning.

  • Enable REST interface over HTTPS — When selected, you can use the HTTP ports that are configured to connect to the REST interface.

Using the following options, you can specify a protocol and a list of valid ciphers for the HTTPS communication.

  • SSL protocol version — Specifies the version of the SSL protocol that is used for communication with the interface.

    • TLS 1.2
    • TLS 1.1
    • TLS 1.0
  • Server cipher list — Specifies a string of OpenSSL symbols used for encrypting communication with the interface.

HTTPS client certificate connector

Provides options for configuring a client certificate connector.

  • Enable client certificate authentication — When selected, client certificate authentication can be performed.

  • HTTPS connector for client certificate authentication — Specifies a port for connecting to the interface when client certificate authentication is performed.

    You can enter more than one port here, separating entries by commas. Ports can range from 1024 to 65335.

    Entering a port together with an IP address can be done in the same way as under HTTP connector and has the same meaning.

  • Redirect target after authentication — When selected, a request is redirected after client certificate authentication has successfully been performed.

  • Redirection host and port — Specifies the host system and the port on the system that requests are redirected to.

Miscellaneous

Provides miscellaneous options for configuring access to the interface of an appliance.

  • Session timeout — Limits the time (in minutes) that elapses before a session on the interface is closed if no activities occur.

    The range for the session timeout is 1–99,999 minutes.

    The timeout is 30 minutes by default.
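The connector entry format described for the HTTP connector (and reused by the HTTPS and client certificate connectors) can be checked before it is applied. The following is an added example, not code from the product: it parses a connector value and lists which ports each appliance interface would accept connections on. The function names are hypothetical, only the IPv4 `address:port` form shown on this page is assumed, and the port range is the one stated above.

```python
import ipaddress

# Port range as stated on this page for connector entries.
PORT_MIN, PORT_MAX = 1024, 65335


def parse_connector(value):
    """Parse a connector value such as '4711, 192.168.0.10:4722'.

    Returns a list of (bind_ip, port); bind_ip is None when the
    entry carries no IP address restriction.
    """
    entries = []
    for raw in value.split(","):
        item = raw.strip()
        if not item:
            raise ValueError("empty connector entry")
        host, sep, port_text = item.rpartition(":")
        # ip_address() raises ValueError for a malformed address.
        bind_ip = str(ipaddress.ip_address(host)) if sep else None
        if not port_text.isdigit():
            raise ValueError(f"port is not a number: {item!r}")
        port = int(port_text)
        if not PORT_MIN <= port <= PORT_MAX:
            raise ValueError(f"port out of range: {port}")
        entries.append((bind_ip, port))
    return entries


def reachable_ports(value, interfaces):
    """Map each interface name to the ports reachable through it."""
    known = set(interfaces.values())
    result = {name: [] for name in interfaces}
    for bind_ip, port in parse_connector(value):
        # Audit-side sanity check (an assumption of this example,
        # not documented appliance behaviour).
        if bind_ip is not None and bind_ip not in known:
            raise ValueError(f"{bind_ip} is not an appliance address")
        for name, addr in interfaces.items():
            if bind_ip is None or bind_ip == addr:
                result[name].append(port)
    return result


# Interfaces and connector value taken from the example on this page.
INTERFACES = {"eth0": "192.168.0.10", "eth1": "10.149.110.10"}
EXPOSURE = reachable_ports("4711, 192.168.0.10:4722", INTERFACES)
```

For the page's example, `EXPOSURE` shows port 4711 on both interfaces and port 4722 on eth0 only, which makes an unrestricted management port easy to spot during review.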

Login Page Options

Settings for the page that is used to log on to the interface of an appliance

Table 2: Login Page Options
Option Definition
Allow browser to save login credentials

When selected, credentials submitted by a user for logging on to the interface are saved by the browser.

Restrict browser session to IP address of user

When selected, a session for working with the interface is only valid as long as the IP address of the client that the user started this session from remains the same.

Let user decide to restrict session for IP address or not

When selected, it is up to the user who started a session for working with the interface whether it should be valid only for the IP address of the client that the session was started from.

Allow multiple logins per login name

When selected, more than one user can log on to the interface under the same user name and password.

Use HTTPOnly session cookies (applet loading may take longer)

When selected, HTTPOnly cookies are used for a session with the user interface.

Enable protection against cross-site scripting and clickjacking

When selected, the page used by the administrator for logging on to the interface of a Web Gateway appliance from a browser is protected against a common type of attack.

The attack can be performed by combining two methods. Two HTTP headers are added when the page is sent to the browser to prevent these methods from being executed.

  • Cross-site scripting — Malicious JavaScript code is inserted in the page, which is executed when the administrator responds to a prompt on the page, for example, by entering a user name.

    Adding the following header to messages prevents the execution of this attack:

    Header name: X-XSS-Protection

    Header value: 1

  • Clickjacking — The page is embedded in an iFrame, which can be used to steal the data that is entered on the page.

    Adding the following header to messages prevents the execution of this attack:

    Header name: X-Frame-Options

    Header value: DENY

Maximum number of active applet users

Limits the number of users that can be logged on to the interface at the same time.

The maximum number of users is 20 by default.

Login message

Provides the following options for displaying an additional message on the page used for logging on to the interface.

Note: You can work with these options if you want to display a message, for example, to comply with internal policies or external regulations.

  • Show on login page — When selected, the text that you type in the HTML message field appears on the logon page.

  • HTML message — The text that you type in this field appears on the logon page.
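Whether the Login Page Options above are in effect can be confirmed from a captured logon page response. The following is an added example, not code from the product: it checks a raw HTTP response for the two headers named on this page and for the HttpOnly attribute on session cookies. The function names, the sample responses and the cookie name `SESSIONID` are constructed for illustration.

```python
def parse_headers(raw_response):
    """Return (lowercased name, value) pairs from a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_login_page(raw_response):
    """List the protections from this page that the response lacks."""
    headers = parse_headers(raw_response)

    def values(name):
        return [v for n, v in headers if n == name]

    findings = []
    xss = values("x-xss-protection")
    if not any(v.split(";")[0].strip() == "1" for v in xss):
        findings.append("X-XSS-Protection is not set to 1")
    if not any(v.upper() == "DENY" for v in values("x-frame-options")):
        findings.append("X-Frame-Options is not set to DENY")
    for cookie in values("set-cookie"):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "httponly" not in attrs:
            name = cookie.split("=", 1)[0]
            findings.append(f"cookie {name} lacks HttpOnly")
    return findings


# Constructed sample responses (not captured from an appliance).
HARDENED = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "X-XSS-Protection: 1",
    "X-Frame-Options: DENY",
    "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly",
    "",
    "<html></html>",
])
WEAK = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "Set-Cookie: SESSIONID=abc123; Path=/",
    "",
    "<html></html>",
])
```

Current browsers no longer act on X-XSS-Protection, so that check confirms the setting is applied rather than measuring XSS coverage.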

User Interface Certificate

Settings for a certificate that is used in SSL-secured communication over the HTTPS port for the interface of an appliance.

Table 3: User Interface Certificate
Option Definition
Subject, Issuer, Validity, Extensions

Provide information about the certificate that is currently in use.

Import

Opens the Import Certificate Authority window for importing a new certificate.

Certificate chain

Displays a certificate chain that is imported with a certificate.

Import Certificate Authority window

Settings for importing a certificate that is used in SSL-secured communication

Table 4: Import Certificate Authority window
Option Definition
Certificate

Specifies the name of a certificate file.

The file name can be entered manually or by using the Browse button in the same line.

Browse

Opens the local file manager to let you browse for and select a certificate file.

Private key

Specifies the name of a private key file.

The file name can be entered manually or by using the Browse button in the same line.

Only keys that are AES-128-bit encrypted or unencrypted keys can be used here.

Browse

Opens the local file manager to let you browse for and select a private key file.

Password

Sets a password that allows the use of a private key.

Import

Opens the Import Certificate Authority window for importing a new certificate.

OK

Starts the import process for the specified certificate.

Certificate chain

Specifies the name of a certificate chain file.

The file name can be entered manually or by using the Browse button in the same line.

Browse

Opens the local file manager to let you browse for and select a certificate chain file.

After importing a certificate with a certificate chain, the certificate chain is displayed in the Certificate chain field of the User Interface Certificate settings.

Memory Settings

Settings for the memory that is available when working with the interface of an appliance

Table 5: Memory Settings
Option Definition
Amount of maximum memory available for GUI applet

Limits the amount of memory (in MiB) that is available for the interface applet.

The range for the available maximum is 100–999 MiB.

The available maximum is 512 MiB by default.

Amount of maximum memory available for MWG UI backend

Limits the amount of memory (in MiB) that is available for the backend of the interface.

The range for the available maximum is 100–9999 MiB.

If no value is specified here, the default maximum of 512 MiB is configured.

REST Settings

Settings for configuring use of the REST interface to work with an appliance

Table 6: REST Settings
Option Definition
Maximum size of a REST request

Limits the size (in MiB) of a request that is sent to the REST interface.

Note: The maximum amount of memory that is available when working with the REST interface is 200 MiB.

The maximum size of a request is 2 MiB by default.

Maximum memory per REST session

Limits the amount of memory (in MiB) that is available for a session when working with the REST interface.

Note: The maximum amount of memory that is available when working with the REST interface is 200 MiB.

The maximum amount of memory for a session is 10 MiB by default.

Maximum number of active REST users

Limits the number of users that can work with the REST interface at the same time.

The maximum number of users is 20 by default.