Web Interface Configuration
The settings on the Interface Configuration page enable you to control access to the configuration web interface (CWI). There are three principle security controls:
•Access - You can restrict which users can access the CWI based on the IP address of their workstation.
•Communication - You can select whether to communicate with the CWI via an unsecured (http) or secured (https) protocol.
•Authentication - You can decide how the CWI users will be authenticated: user-entered password or validation of a client certificate.
These three controls can be used in any combination that meets the needs of your organization. You can also define up to three combinations for different groups. For example, you can allow unsecured (http) connections on your local network, but require secured (https) connect ons over your WAN.
There are 3 tabs on the Interface Configuration page:
•IP Access tab - Allows you to define sub-networks for a given access group, which allows users to access the CWI. Click the link in the Group list column to view the group Network and Mask settings. You can create multiple sub-networks within a single group.
•Certificates tab - Allows you to create a host certificate required to enable https access to the server. For example, in the default configuration, users accessing the CWI through port 7771 will access the server by validating access with the host certificate created on the Certificates tab. The Upload button is disabled since only internally generated certificates are currently supported.
•Listeners tab - Defines on which ports the CWI is running. You can define up to 3 access ports. Configure the settings on the Listeners tab:
•Port - Defines on which port the CWI web server will be listening for user requests. By default the CWI listens on port 7770. You can modify the setting to use the default port for http (80), the default SSL port (443 or 8443), or any other available port.
•SSL - Configures whether the communication from the client to the server will require secure socket layer encryption. If you select this option, the certificates identified on the Certificates tab will be used to authenticate the CWI server.
•Verification - Defines how CWI users will be authenticated. If set to Digest MD5 or NTLM, users will be prompted for a username and password, which must match their user settings in the CWI. If set to Verify Client Certificate, the user will be validated using a client certificate they must have installed in their browser.
•Handler Type - Specifies the communications protocol: HTTP or XMLRPC.
•IP Access List - References one of the IP Access groups defined on the IP Access tab. If you don’t want to restrict access to this listener based on the user’s IP Address, select None.
To Establish Access Control for the CWI:
1.On the Management Portal menu window, click System Configuration > Host > Interface Configuration.
2.On the IP Access tab, type a name for the sub-network and click the Add button.
3.Click the link in the Group list column and enter the Network and Mask settings in the fields at the bottom of the page.
4.Click the Add button.
5.Click the Update button.
6.Click the Certificates tab and generate the certificate for server and client computers.
7.Click the Listeners tab and define users who have access to each sub network by configuring the settings, then click the Update button.
8.Click the Commit Changes button to enact the changes.
If you are using Certificates, also Perform these Steps:
1.In the Management Portal, navigate to Users > Users, click a user link in the Login column and click the Security tab. Download the appropriate certificate by clicking the Download or Renew button (you will need to provide a password).
2.Transfer the downloaded certificate to the user's computer.
3.Use the browser on the user's computer to import the certificate. Refer to the instructions specific to each browser for information on installing the client certificate.
4.When you open your browser to the URL of the CWI using a secure listener (example: https://localhost:7771/portal/index), the Choose a digital certificate dialog box opens. Select your certificate and click OK.
Was this article useful?
Copyright © 2019, Ivanti. All rights reserved.