Skyhigh Security

User Interface settings

The User Interface settings are used for configuring the local user interface on a Web Gateway appliance. This includes the configuration of ports, the logon page, a certificate for communication under HTTPS, and other items.

UI Access

Settings for configuring access to the interface of an appliance

Option Definition
HTTP connector

Provides options for configuring access to the interface of an appliance under HTTP.

Enable local user interface over HTTP — When selected, the HTTP ports that are configured on an
appliance for connecting to the interface are enabled.
HTTP connector — Specifies an HTTP port for connecting to the interface.
You can enter more than one port here, separating entries by commas. Ports can range
from 1024 to 65335.
Together with a port, you can enter an IP address. This means connecting to the interface of
an appliance over this port requires that you specify both the port and this IP address.
For example, there are two interfaces for connecting on an appliance with these IP
addresses:
eth0: 192.168.0.10, eth1: 10.149.110.10
You enter this under HTTP connector:
4711, 192.168.0.10:4722
Then connecting to a file server on the appliance over port 4711 is allowed using both IP
addresses, whereas connecting over port 4722 requires that IP address 192.168.0.10 is
used.
Restricting connections in this way might be useful, for example, if you want to set up an
intranet.
Enable REST interface over HTTP — When selected, you can use the HTTP ports that are
configured to connect to the REST interface.

HTTPS connector

Provides options for configuring access to the interface of an appliance under HTTPS.
Enable local user interface over HTTPS — When selected, the HTTP ports that are configured on
an appliance for connecting to the interface are enabled.
HTTPS connector — Specifies an HTTPS port for connecting to the interface.
You can enter more than one port here, separating entries by commas. Ports can range
from 1024 to 65335.
Entering a port together with an IP address can be done in the same way as under HTTP
connector and has the same meaning.
Enable REST interface over HTTPS — When selected, you can use the HTTP ports that are
configured to connect to the REST interface.
Using the following options, you can specify a protocol and a list of valid ciphers for the HTTPS
communication.
SSL protocol version — Specifies the version of the SSL protocol that is used for
communication with the interface.
• TLS 1.2
• TLS 1.1
• TLS 1.0
Server cipher list — Specifies a string of OpenSSL symbols used for encrypting
communication with the interface.
HTTPS client certificate connector

Provides options for configuring a client certificate connector.
Enable client certificate authentication — When selected, client certificate authentication can be
performed.
HTTPS connector for client certificate authentication — Specifies a port for connecting to the
interface when client certificate authentication is performed.
You can enter more than one port here, separating entries by commas. Ports can range
from 1024 to 65335.
Entering a port together with an IP address can be done in the same way as under HTTP
connector and has the same meaning.
Redirect target after authentication — When selected, a request is redirected after client
certificate authentication has successfully been performed.
Redirection host and port — Specifies the host system and the port on the system that requests
are redirected to.
Miscellaneous

Provides miscellaneous options for configuring access to the interface of an appliance.
Session timeout — Limits the time (in minutes) that elapses before a session on the interface
is closed if no activities occur.
The range for the session timeout is 1–99,999 minutes.
The timeout is 30 minutes by default.
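
The connector syntax described above (a bare port, or an IP address with a port, used by the HTTP, HTTPS and client certificate connectors) can be checked before it is entered, to see which interfaces each management port ends up reachable on. The following Python sketch is an added example, not Skyhigh code: the function names are hypothetical, it handles only the IPv4 ip:port form shown in the example, and it uses the port range exactly as stated on this page.

```python
import ipaddress

PORT_MIN, PORT_MAX = 1024, 65335  # range exactly as stated in the settings text


def parse_connector(value):
    """Parse a connector string into a list of (ip_or_None, port) tuples."""
    entries = []
    for raw in value.split(","):
        item = raw.strip()
        if not item:
            raise ValueError("empty connector entry")
        ip = None
        if ":" in item:
            host, _, item = item.rpartition(":")
            ip = ipaddress.ip_address(host)  # ValueError if not a valid address
        if not item.isdigit():
            raise ValueError(f"port is not a number: {item!r}")
        port = int(item)
        if not PORT_MIN <= port <= PORT_MAX:
            raise ValueError(f"port {port} is outside {PORT_MIN}-{PORT_MAX}")
        entries.append((ip, port))
    return entries


def exposure(value, interfaces):
    """Map each configured port to the interface names it is reachable on."""
    result = {}
    for ip, port in parse_connector(value):
        for name, addr in interfaces.items():
            # A bare port listens on every address; ip:port only on that one.
            if ip is None or ipaddress.ip_address(addr) == ip:
                result.setdefault(port, set()).add(name)
    return {port: sorted(names) for port, names in result.items()}


def unrestricted_ports(value):
    """Ports entered without an IP address, i.e. open on all interfaces."""
    return [port for ip, port in parse_connector(value) if ip is None]


if __name__ == "__main__":
    # Interface addresses and connector value from the example in the text.
    nics = {"eth0": "192.168.0.10", "eth1": "10.149.110.10"}
    print(exposure("4711, 192.168.0.10:4722", nics))
    print(unrestricted_ports("4711, 192.168.0.10:4722"))
```

Ports returned by unrestricted_ports are the ones to review first when the management interface should only be reachable from an internal network.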

Login Page Options

Settings for the page that is used to log on to the interface of an appliance

Option Definition
Allow browser to save login credentials
When selected, credentials submitted by a user for logging on to the interface are
saved by the browser.
Restrict browser session to IP address of user
When selected, a session for working with the interface is only valid as long as the IP
address of the client that the user started this session from remains the same.
Let user decide to restrict session for IP address or not
When selected, it is up to the user who started a session for working with the interface
whether it should be valid only for the IP address of the client that the session was
started from.
Allow multiple logins per login name
When selected, more than one user can log on to the interface under the same user
name and password.
Use HTTPOnly session cookies (applet loading may take longer)
When selected, HTTPOnly cookies are used for a session with the user interface.
Enable protection against cross-site scripting and clickjacking
When selected, the page used by the administrator for logging on to the interface of a Web Gateway appliance from a browser is protected against a common type of attack.
The attack can be performed by combining two methods. Two HTTP headers are
added when the page is sent to the browser to prevent these methods from being
executed.

Cross-site scripting — Malicious JavaScript code is inserted in the page, which is
executed when the administrator responds to a prompt on the page, for example, by
entering a user name.
Adding the following header to messages prevents the execution of this attack:
Header name: X-XSS-Protection
Header value: 1

Clickjacking — The page is embedded in an iFrame, which can be used to steal the
data that is entered on the page.
Adding the following header to messages prevents the execution of this attack:
Header name: X-Frame-Options
Header value: DENY
Maximum number of active applet users
Limits the number of users that can be logged on to the interface at the same time.
The maximum number of users is 20 by default.
Login message

Provides the following options for displaying an additional message on the page used
for logging on to the interface.

You can work with these options if you want to display a message, for example, to
comply with internal policies or external regulations.

Show on login page — When selected, the text that you type in the HTML message field
appears on the logon page.

HTML message — The text that you type in this field appears on the logon page.
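
To confirm that the login page options above are in effect, the response that delivers the logon page can be inspected for the two headers named in this section and for the HttpOnly attribute on session cookies. The following Python sketch is an added example, not Skyhigh code: the function name is hypothetical, and both sample responses, including the cookie name, are constructed for illustration rather than captured from an appliance.

```python
from email.parser import Parser

# Constructed sample responses (not captured from a real appliance).
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-XSS-Protection: 1\r\n"
    "X-Frame-Options: DENY\r\n"
    "Set-Cookie: SESSION=constructed-value; Path=/; HttpOnly\r\n"
    "\r\n<html>logon page</html>"
)
OPTIONS_OFF = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: SESSION=constructed-value; Path=/\r\n"
    "\r\n<html>logon page</html>"
)


def audit_login_response(raw):
    """Return a list of findings for one raw HTTP response to the logon page."""
    head = raw.split("\r\n\r\n", 1)[0]
    _status_line, _, header_block = head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []

    # Header values as given in the settings description: 1 and DENY.
    xss = (headers.get("X-XSS-Protection") or "").split(";")[0].strip()
    if xss != "1":
        findings.append("X-XSS-Protection missing or not 1")
    xfo = (headers.get("X-Frame-Options") or "").strip().upper()
    if xfo != "DENY":
        findings.append("X-Frame-Options missing or not DENY")

    # Every cookie set on the logon page should carry the HttpOnly attribute.
    for cookie in headers.get_all("Set-Cookie") or []:
        attrs = [part.strip().lower() for part in cookie.split(";")[1:]]
        if "httponly" not in attrs:
            name = cookie.split("=", 1)[0].strip()
            findings.append(f"cookie {name} lacks HttpOnly")
    return findings


if __name__ == "__main__":
    for label, raw in (("hardened", HARDENED), ("options off", OPTIONS_OFF)):
        print(label, audit_login_response(raw) or "no findings")
```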

 

User Interface Certificate

Settings for a certificate that is used in SSL-secured communication over the HTTPS port for the interface of an appliance.

Option Definition
Subject, Issuer, Validity, Extensions
When selected, credentials submitted by a user for logging on to the interface are saved by the browser.
Import
Opens the Import Certificate Authority window for importing a new certificate.
Certificate chain
Displays a certificate chain that is imported with a certificate.

 

Import Certificate Authority window

Settings for importing a certificate that is used in SSL-secured communication

Option Definition
Certificate
Specifies the name of a certificate file.
The file name can be entered manually or by using the Browse button in the same line.
Browse
Opens the local file manager to let you browse for and select a certificate file.
Private key
Specifies the name of a private key file.
The file name can be entered manually or by using the Browse button in the same line.
Only keys that are AES-128-bit encrypted or unencrypted keys can be used here.
Browse
Opens the local file manager to let you browse for and select a private key file.
Password
Sets a password that allows the use of a private key.
Import
Opens the Import Certificate Authority window for importing a new certificate.
OK
Starts the import process for the specified certificate.
Certificate chain
Specifies the name of a certificate chain file.
The file name can be entered manually or by using the Browse button in the same line.
Browse
Opens the local file manager to let you browse for and select a certificate chain file.
After importing a certificate with a certificate chain, the certificate chain is displayed in the
Certificate chain field of the User Interface Certificate settings.

Memory Settings

Settings for the memory that is available when working with the interface of an appliance

Option Definition
Amount of maximum memory available for GUI applet
Limits the amount of memory (in MiB) that is available for the interface applet.
The range for the available maximum is 100–999 MiB.
The available maximum is 512 MiB by default.
Amount of maximum memory available for MWG UI backend
Limits the amount of memory (in MiB) that is available for the backend of the
interface.
The range for the available maximum is 100–9999 MiB.
If no value is specified here, the default maximum of 512 MiB is configured.

STAX Parsing Settings 

Option Definition
Size limit of single XML attributes (8-999) mb 

Configurable size limit of single XML attributes
The range for the available maximum is 8–999 MiB.

 

REST Settings

Settings for configuring use of the REST interface to work with an appliance

Option Definition
Maximum size of a REST request

Limits the size (in MiB) of a request that is sent to the REST interface.

The maximum amount of memory that is available when working with the REST interface is 200 MiB.

The maximum size of a request is 2 MiB by default.

Maximum memory per REST session

Limits the amount of memory (in MiB) that is available for a session when working with
the REST interface.

The maximum amount of memory that is available when working with the REST interface is 200 MiB.

The maximum amount of memory for a session is 10 MiB by default.

Maximum number of active REST users
Limits the number of users that can work with the REST interface at the same time.
The maximum number of users is 20 by default.

 
