Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Using the Configuration Wizard

    Use the configuration wizard to set up the following:

    Global Backend Servers–WebApp Secure can protect an unlimited number of web applications, each with their own backend server(s). In a separate section, the process for over-riding backend servers for each application is described. However, you must define at least one server at the global level. This server will service requests that reach WebApp Secure but do not match a configured application.

    • Server Name–A unique name that WebApp Secure uses to identify this server. The name can include any alphanumeric character, "-", and "_", with no white space. Do not use the server's Fully Qualified Domain Name (FQDN) or a URL. If you are using VMware, you can use the same name here as you assigned in VMware to avoid confusion. But that is not required.
    • Server Address–Specify the server's IP. WebApp Secure does not support IPv6 addressing at this time.
    • HTTP Port–Usually port 80.
    • HTTPS Port–Usually port 443.
    • Weight–The default is 1. This value is used when WebApp Secure is serving as a software load balancer and represents the relative weight the server has for balancing purposes.
    • Backup–The default is NO. This only applies if you are using WebApp Secure as a software load balancer, and you are designating this server as a backup.

    SMTP Server–WebApp Secure can e-mail alerts to your administration team. While the appliance can serve as its own mail server, we recommend that you use a valid mail server for your network.

    The following SMTP server configurations are supported for e-mail alerts.

    • No Security by SSL=False and blank User/Password
    • SASL, No TLS: by SSL=False and specified User/Password
    • SASL and TLS: by SSL=True and specified User/Password
    • No-SASL but TLS: by SSL=True and unspecified User/Password

    Use the Wizard to configure SMTP servers, or in the main Web UI, navigate to Configuration > Services > SMTP settings and configure the following:

    Note: After you enter the server information, click the Test SMTP Connection Settings link to make sure the server can be reached.

    • SMTP Server Address–Defaults to localhost. Set it to the IP address or FQDN of your mail server if you are using an off-board mail server as recommended.
    • SMTP Server Port Number–Defaults to 25. Set it to the port your mail server is listening on.
    • SMTP Username–Defaults to blank, and can remain blank if you are using the on-board server. Set it to a user with valid access to the mail server.
    • SMTP Password–Defaults to blank, and can remain blank if you are using the on-board server. Set it to the password for the SMTP username.
    • SMTP Server SSL–True or False–Set whether or not the SMTP server uses SSL for connections.
    • SMTP Server Timeout–This field defaults to 3000. This indicates how long to try and send a message before the connection to the SMTP server times out in milliseconds.
    • SMTP Server Debug Mode–True or False–Whether to log all SMTP connection and traffic details. This is very verbose. It is recommended that you only enable this if you're having issues with emails not being issued.
    • Sender Email Address–The email address that emails will use in the from field.

    Figure 1: Wizard, Configure SMTP Settings, Step 3

    Wizard, Configure SMTP Settings, Step 3

    Alert Service–WebApp Secure can send alerts to an SNMP server or by e-mail to appropriate personnel. The alert service is optional, and defaults to No. If you choose not to activate alerts, the Wizard skips to the next section.

    Figure 2: Wizard, Configure Alert Service , Step 4

    Wizard, Configure Alert Service , Step 4

    Figure 3: Wizard, Configure Alert Service , Step 5

    Wizard, Configure Alert Service , Step 5

    If you choose to activate alerts, you have the option of setting up the number of SNMP servers to alert and the number of e-mail addresses to which messages are sent. The default values to both are 0.

    Figure 4: Wizard, Configure Alert Service , SNMP, Step 6

    Wizard, Configure Alert Service , SNMP, Step 6

    If you activate SNMP Alerts, the wizard prompts you for the server address and the port to which alerts are sent.

    If you are configuring e-mail alerts, the following fields are required:

    • Name: A common name for referencing this e-mail address.
    • Email Address: Email address.
    • Minimum Severity: Minimum severity level to trigger an e-mail alert to this address.
    • Shift Start: Start time for this address in 24 hour format.
    • Shift End: End time for this address in 24 hour format.

    You are also given the option of having alerts sent on the weekend. You can build complex schedules by creating multiple entries for the same person. For example, could have an entry named admin-weekday that specifies 8 AM to 5 PM, M-F, and a second entry named adminweekend that specified 6 AM to 6 PM.

    Figure 5: Wizard, Configure Alert Service , Email Contacts, Step 7

    Wizard, Configure Alert Service , Email Contacts, Step

    Note: Configuration of advanced features, such as encryption keys, are not available in the wizard.

    Backups–WebApp Secure can perform regular, scheduled backups of all data. You can select backups using FTP or SSH.

    Figure 6: Wizard, Configure Backup Service

    Wizard, Configure Backup Service

    The backup service lets you specify the following fields:

    • Frequency: How often backups are sent off-board.
    • Retention: Number of days to keep off-board backups.
    • FTP Service: Whether to use FTP. If set to YES, the server, username, and password fields are required.
    • SSH Service: Whether to use SSH. If set to YES, the server, username, and password fields are required.

    Spotlight Secure –Spotlight Secure provides a way to import malicious profiles from other subscribers to the service. The service is licensed separately and is enabled by default, but you can choose to disable it.

    Wizard Confirmation Page–Once you have completed the wizard's main steps, you will see the confirmation page. Here, there is a URL you can use to confirm that the appliance is performing correctly. You will also see the secret key the appliance generated for your backups. Whether WebApp Secure is storing backups locally or off-site, you must have this key.

    Figure 7: Wizard, Confirmation Page

    Wizard, Confirmation Page

    Note: The key is actually a link. You may change the value of the key by clicking this link.

    Note: Record the secret key and keep it someplace safe. If you run through System Initialization again, it will create a new key and you will lose access to your backups if you haven't recorded the old key. If you lose this key, Juniper Support will not be able to recover it or your backups.

    Note: It is also worthwhile to record other configuration entries in the event that you perform a configuration re-initialization. engine.session.encryption_key and engine.session.initialization_vector are entries needed to maintain the data of currently active users on the protected application. It is best practice to write these down, as well. Once configuration initialization is done, these old values can be set again.

    Published: 2014-06-27