Using the Configuration Wizard

Use the configuration wizard to set up the following:

Global Backend Servers–WebApp Secure can protect an unlimited number of web applications, each with their own backend server(s). In a separate section, the process for over-riding backend servers for each application is described. However, you must define at least one server at the global level. This server will service requests that reach WebApp Secure but do not match a configured application.

SMTP Server–WebApp Secure can e-mail alerts to your administration team. While the appliance can serve as its own mail server, we recommend that you use a valid mail server for your network.

The following SMTP server configurations are supported for e-mail alerts.

Use the Wizard to configure SMTP servers, or in the main Web UI, navigate to Configuration > Services > SMTP settings and configure the following:

Note: After you enter the server information, click the Test SMTP Connection Settings link to make sure the server can be reached.

Figure 17: Wizard, Configure SMTP Settings, Step 3

Wizard, Configure SMTP Settings, Step 3

Alert Service–WebApp Secure can send alerts to an SNMP server or by e-mail to appropriate personnel. The alert service is optional, and defaults to No. If you choose not to activate alerts, the Wizard skips to the next section.

Figure 18: Wizard, Configure Alert Service , Step 4

Wizard, Configure Alert Service , Step 4

Figure 19: Wizard, Configure Alert Service , Step 5

Wizard, Configure Alert Service , Step 5

If you choose to activate alerts, you have the option of setting up the number of SNMP servers to alert and the number of e-mail addresses to which messages are sent. The default values to both are 0.

Figure 20: Wizard, Configure Alert Service , SNMP, Step 6

Wizard, Configure Alert Service , SNMP, Step 6

If you activate SNMP Alerts, the wizard prompts you for the server address and the port to which alerts are sent.

If you are configuring e-mail alerts, the following fields are required:

You are also given the option of having alerts sent on the weekend. You can build complex schedules by creating multiple entries for the same person. For example, could have an entry named admin-weekday that specifies 8 AM to 5 PM, M-F, and a second entry named adminweekend that specified 6 AM to 6 PM.

Figure 21: Wizard, Configure Alert Service , Email Contacts, Step 7

Wizard, Configure Alert Service , Email Contacts, Step

Note: Configuration of advanced features, such as encryption keys, are not available in the wizard.

Backups–WebApp Secure can perform regular, scheduled backups of all data. You can select backups using FTP or SSH.

Figure 22: Wizard, Configure Backup Service

Wizard, Configure Backup Service

The backup service lets you specify the following fields:

Spotlight Secure –Spotlight Secure provides a way to import malicious profiles from other subscribers to the service. The service is licensed separately and is enabled by default, but you can choose to disable it.

Wizard Confirmation Page–Once you have completed the wizard's main steps, you will see the confirmation page. Here, there is a URL you can use to confirm that the appliance is performing correctly. You will also see the secret key the appliance generated for your backups. Whether WebApp Secure is storing backups locally or off-site, you must have this key.

Figure 23: Wizard, Confirmation Page

Wizard, Confirmation Page

Note: The key is actually a link. You may change the value of the key by clicking this link.

Note: Record the secret key and keep it someplace safe. If you run through System Initialization again, it will create a new key and you will lose access to your backups if you haven't recorded the old key. If you lose this key, Juniper Support will not be able to recover it or your backups.

Note: It is also worthwhile to record other configuration entries in the event that you perform a configuration re-initialization. engine.session.encryption_key and engine.session.initialization_vector are entries needed to maintain the data of currently active users on the protected application. It is best practice to write these down, as well. Once configuration initialization is done, these old values can be set again.