User Guide
Page 23
...your UAG hardware is properly connected. The screens may vary slightly for different models. If you click Apply. If you change the default password, the Login screen appears after you click Ignore, the Installation Setup Wizard opens if the UAG is divided into these parts (...as an example. The Web Configurator screen is using the default user name and password, the Update Admin Info screen appears. Otherwise, the dashboard appears. 5 Follow the directions in using its default configuration; B A C 1.4.2 Web Configurator Screens Overview This guide uses the...
...your UAG hardware is properly connected. The screens may vary slightly for different models. If you click Apply. If you change the default password, the Login screen appears after you click Ignore, the Installation Setup Wizard opens if the UAG is divided into these parts (...as an example. The Web Configurator screen is using the default user name and password, the Update Admin Info screen appears. Otherwise, the dashboard appears. 5 Follow the directions in using its default configuration; B A C 1.4.2 Web Configurator Screens Overview This guide uses the...
User Guide
Page 76
... DH1 or DH2 (although it does not respond, the UAG shuts down the IKE SA. • Authentication Method: Select Pre-Shared Key to use a password or Certificate to the remote IPSec device. MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are hash algorithms used to Diffie-Hellman Group 2 a...768 bit random number. If there has been no encryption. • Authentication Algorithm: MD5 gives minimal security and SHA512 gives the highest security. DH1 (default) refers to Diffie-Hellman Group 5 a 1536 bit random number. • SA Life Time: Set how often the UAG renegotiates the IKE SA.
... DH1 or DH2 (although it does not respond, the UAG shuts down the IKE SA. • Authentication Method: Select Pre-Shared Key to use a password or Certificate to the remote IPSec device. MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are hash algorithms used to Diffie-Hellman Group 2 a...768 bit random number. If there has been no encryption. • Authentication Algorithm: MD5 gives minimal security and SHA512 gives the highest security. DH1 (default) refers to Diffie-Hellman Group 5 a 1536 bit random number. • SA Life Time: Set how often the UAG renegotiates the IKE SA.
User Guide
Page 337
... for phone number ViaNett Configuration User Name Password Retype to Confirm License Licensed Service Status License Type Register Now DESCRIPTION Select the check box to turn on the UAG that requires SMS service subscription, the UAG2100 for confirmation. Enter the default country code for your UAG and activate ...to send a text message. Enter the user name for the mobile phone number to which you can use the service to save your password again for example. This section is not activated yet. Otherwise, it displays None. Type your changes to send SMS messages. Apply ...
... for phone number ViaNett Configuration User Name Password Retype to Confirm License Licensed Service Status License Type Register Now DESCRIPTION Select the check box to turn on the UAG that requires SMS service subscription, the UAG2100 for confirmation. Enter the default country code for your UAG and activate ...to send a text message. Enter the user name for the mobile phone number to which you can use the service to save your password again for example. This section is not activated yet. Otherwise, it displays None. Type your changes to send SMS messages. Apply ...
User Guide
Page 400
... user type (see Table 177 on page 399) from the external server. A dynamic guest account has a dynamically-created user name and password. UAG Series User's Guide 400 If the external server does not have to ext-user accounts but are similar to set up an ext...guest accounts pre-subscriber Access network services dynamic-guest Access network services LOGIN METHOD(S) WWW Web Authentication Portal Web Authentication Portal Note: The default admin account is always authenticated locally, regardless of the authentication method setting. (See Chapter 43 on page 464 for more on the...
... user type (see Table 177 on page 399) from the external server. A dynamic guest account has a dynamically-created user name and password. UAG Series User's Guide 400 If the external server does not have to ext-user accounts but are similar to set up an ext...guest accounts pre-subscriber Access network services dynamic-guest Access network services LOGIN METHOD(S) WWW Web Authentication Portal Web Authentication Portal Note: The default admin account is always authenticated locally, regardless of the authentication method setting. (See Chapter 43 on page 464 for more on the...
User Guide
Page 404
...of the RADIUS server's Group Membership Attribute that identifies the group to 60 printable ASCII characters. It can be different than the default settings, select Use Manual Settings then fill your preferred values in again. Enter the description of 4 - 31 alphanumeric characters. ...on page 402. this user account. Retype Group Identifier Enter the password of user accounts the UAG uses: Password • admin - This field is case-sensitive. If you select Use Manual Settings, you select Use Default Settings in a remote server, such as RADIUS. You can ...
...of the RADIUS server's Group Membership Attribute that identifies the group to 60 printable ASCII characters. It can be different than the default settings, select Use Manual Settings then fill your preferred values in again. Enter the description of 4 - 31 alphanumeric characters. ...on page 402. this user account. Retype Group Identifier Enter the password of user accounts the UAG uses: Password • admin - This field is case-sensitive. If you select Use Manual Settings, you select Use Default Settings in a remote server, such as RADIUS. You can ...
User Guide
Page 409
...enabled and the Maximum retry count is locked out for the specified Lockout period. Click Apply to set the default authentication timeout settings for example, wrong password) before the IP address is reached. Type the maximum number of times each user can login unsuccessfully (for... the selected type of time. These default authentication timeout settings also control the settings for a specified amount of user account....
...enabled and the Maximum retry count is locked out for the specified Lockout period. Click Apply to set the default authentication timeout settings for example, wrong password) before the IP address is reached. Type the maximum number of times each user can login unsuccessfully (for... the selected type of time. These default authentication timeout settings also control the settings for a specified amount of user account....
User Guide
Page 469
...'s Guide 469 Click the Details tab and scroll down to where you have the certificate saved on your certificate's public or private passwords. The following procedure describes how to check a certificate's fingerprint to verify that you must provide it to open the Certificate window....correct certificate. Chapter 44 Certificates • Binary PKCS#12: This is within a password-encrypted envelope. Note: Be careful not to convert a binary file to occur since many programs use text files by default. 44.1.3 Verifying a Certificate Before you import a trusted certificate into the UAG, ...
...'s Guide 469 Click the Details tab and scroll down to where you have the certificate saved on your certificate's public or private passwords. The following procedure describes how to check a certificate's fingerprint to verify that you must provide it to open the Certificate window....correct certificate. Chapter 44 Certificates • Binary PKCS#12: This is within a password-encrypted envelope. Note: Be careful not to convert a binary file to occur since many programs use text files by default. 44.1.3 Verifying a Certificate Before you import a trusted certificate into the UAG, ...
User Guide
Page 480
If the issuing certification authority is the default server port number for LDAP. Select this field to display... > Trusted Certificates > Edit LABEL Name Certification Path Refresh LDAP Server Address Port ID Password Certificate Information Type Version Serial Number Subject Issuer DESCRIPTION This field displays the identifying name of the directory server. ...Type the password (up to generate the certificate's key pair (the UAG uses RSA encryption) and the length...
If the issuing certification authority is the default server port number for LDAP. Select this field to display... > Trusted Certificates > Edit LABEL Name Certification Path Refresh LDAP Server Address Port ID Password Certificate Information Type Version Serial Number Subject Issuer DESCRIPTION This field displays the identifying name of the directory server. ...Type the password (up to generate the certificate's key pair (the UAG uses RSA encryption) and the length...
User Guide
Page 520
... and Data Transmission After the identification is verified and data encryption activated, a secure tunnel is implemented on the UAG for management using port 22 (by default). 46.8.3 Requirements for Using SSH You must install an SSH client program on the UAG Your UAG supports SSH versions 1 and 2 using this screen to... manage the UAG. The client then sends its authentication information (user name and password) to the server to log in to have the UAG use both SSH version 1 and version 2 protocols.
... and Data Transmission After the identification is verified and data encryption activated, a secure tunnel is implemented on the UAG for management using port 22 (by default). 46.8.3 Requirements for Using SSH You must install an SSH client program on the UAG Your UAG supports SSH versions 1 and 2 using this screen to... manage the UAG. The client then sends its authentication information (user name and password) to the server to log in to have the UAG use both SSH version 1 and version 2 protocols.
User Guide
Page 522
... 522 Are you sure you to port 22 on the UAG. A message displays indicating the SSH protocol version supported by the UAG. Then enter the password to log in to 172.16.0.1. Connected to the UAG. Escape character is 21:6c:07:25:7e:f4:75:80:ec:af:bd:d4... the SSH service is the first time you are connecting to the UAG using SSH, a message displays prompting you want to the UAG using the default IP address of 172.16.0.1). If this is available on the UAG (using SSH version 1. Chapter 46 System Figure 363 SSH Example 1: Store Host Key...
... 522 Are you sure you to port 22 on the UAG. A message displays indicating the SSH protocol version supported by the UAG. Then enter the password to log in to 172.16.0.1. Connected to the UAG. Escape character is 21:6c:07:25:7e:f4:75:80:ec:af:bd:d4... the SSH service is the first time you are connecting to the UAG using SSH, a message displays prompting you want to the UAG using the default IP address of 172.16.0.1). If this is available on the UAG (using SSH version 1. Chapter 46 System Figure 363 SSH Example 1: Store Host Key...
User Guide
Page 528
... other behavior, configure a rule that service for a service if needed, however you typed. The default is public and allows all requests. To apply other configured rule. This displays whether the computer with...not have the UAG send a trap to the SNMP manager when a managed AP is the password for details on page 506 for incoming Set requests from the UAG. Type the IP address ...UAG using this screen to use the default policy. To change the server port number for remote management. This the index number of a number is the password sent with the IP address specified above...
... other behavior, configure a rule that service for a service if needed, however you typed. The default is public and allows all requests. To apply other configured rule. This displays whether the computer with...not have the UAG send a trap to the SNMP manager when a managed AP is the password for details on page 506 for incoming Set requests from the UAG. Type the IP address ...UAG using this screen to use the default policy. To change the server port number for remote management. This the index number of a number is the password sent with the IP address specified above...
User Guide
Page 550
...in Configuration mode. Table 261 Configuration Files and Shell Scripts in the UAG Configuration Files (.conf) Shell Scripts (.zysh) • Resets to default configuration. • Goes into CLI Configuration mode. • Runs the commands in the configuration file. • Goes into CLI Privilege ...the line as a comment. Figure 381 Configuration File / Shell Script: Example # enter configuration mode configure terminal # change administrator password username admin password 4321 user-type admin # configure wan1 interface wan1 ip address 10.16.17.240 255.255.255.0 ip gateway 10.16....
...in Configuration mode. Table 261 Configuration Files and Shell Scripts in the UAG Configuration Files (.conf) Shell Scripts (.zysh) • Resets to default configuration. • Goes into CLI Configuration mode. • Runs the commands in the configuration file. • Goes into CLI Privilege ...the line as a comment. Figure 381 Configuration File / Shell Script: Example # enter configuration mode configure terminal # change administrator password username admin password 4321 user-type admin # configure wan1 interface wan1 ip address 10.16.17.240 255.255.255.0 ip gateway 10.16....
User Guide
Page 583
...the UAG turned on. Your computer should have a hardware problem. I cannot access the Internet. • Check the UAG's connection to the factory defaults (password is 1234, LAN IP address 172.16.0.1 or 172.17.0.1 etc.; Make sure your local vendor. CHAPTER 53 Troubleshooting This chapter offers some suggestions...your computer's Ethernet card is in for details). • If you've forgotten the UAG's IP address, you 've forgotten the UAG's password, use the commands through the console port to the logs (see Chapter 50 on . It returns the UAG to the Ethernet jack with ...
...the UAG turned on. Your computer should have a hardware problem. I cannot access the Internet. • Check the UAG's connection to the factory defaults (password is 1234, LAN IP address 172.16.0.1 or 172.17.0.1 etc.; Make sure your local vendor. CHAPTER 53 Troubleshooting This chapter offers some suggestions...your computer's Ethernet card is in for details). • If you've forgotten the UAG's IP address, you 've forgotten the UAG's password, use the commands through the console port to the logs (see Chapter 50 on . It returns the UAG to the Ethernet jack with ...
User Guide
Page 585
...Ethernet interface. The UAG routes and applies SNAT for traffic it on the interface. For example, if you recorded your DDNS account's user name, password, and domain name and have entered them properly in the UAG. • You may have it configured it routes from others. Each VLAN ...interface is not applying an interface's configured ingress bandwidth limit. You can also configure a policy route to override the default routing and SNAT behavior for an interface with the Interface Type set to Internal or External. You have a public WAN IP address to use...
...Ethernet interface. The UAG routes and applies SNAT for traffic it on the interface. For example, if you recorded your DDNS account's user name, password, and domain name and have entered them properly in the UAG. • You may have it configured it routes from others. Each VLAN ...interface is not applying an interface's configured ingress bandwidth limit. You can also configure a policy route to override the default routing and SNAT behavior for an interface with the Interface Type set to Internal or External. You have a public WAN IP address to use...
User Guide
Page 587
...be encrypted. Make sure the UAG's current date and time are correct. The file's password is not being applied at the configured times. UAG Series User's Guide 587 You cannot put the default admin account into the UAG. Note: Be careful not to convert a binary file to... convert a binary X.509 certificate into a printable form. • Binary PKCS#7: This is within a password-encrypted envelope. You can also import a certificate in ...
...be encrypted. Make sure the UAG's current date and time are correct. The file's password is not being applied at the configured times. UAG Series User's Guide 587 You cannot put the default admin account into the UAG. Note: Be careful not to convert a binary file to... convert a binary X.509 certificate into a printable form. • Binary PKCS#7: This is within a password-encrypted envelope. You can also import a certificate in ...
User Guide
Page 589
... when either the capture files reach the File Size or the time period specified in the system-default.conf file. My earlier packet capture files are missing. New capture files overwrite existing files of all... firmware. You only need to use the command line interface if you may need to its factory-default settings. This overwrites the settings in the startup-config.conf file with the settings in the Duration field... the UAG by any method or you forget the administrator password(s), you need to its factory-default settings. Note: This procedure removes the current configuration.
... when either the capture files reach the File Size or the time period specified in the system-default.conf file. My earlier packet capture files are missing. New capture files overwrite existing files of all... firmware. You only need to use the command line interface if you may need to its factory-default settings. This overwrites the settings in the startup-config.conf file with the settings in the Duration field... the UAG by any method or you forget the administrator password(s), you need to its factory-default settings. Note: This procedure removes the current configuration.