Using the Configuration Wizard

Use the configuration wizard to set up the following:

Note: The wizard step numbers may vary depending on which configuration path you take. In the screens below, steps may repeat due to varying configuration paths.

Global Backend Servers–WebApp Secure can protect an unlimited number of web applications, each with their own backend server(s). In a separate section, the process for over-riding backend servers for each application is described. However, you must define at least one server at the global level. This server will service requests that reach WebApp Secure but do not match a configured application.

Test Connection to Backend Servers–After entering your settings, click here to ensure the server can be reached. If the connection fails, but you are confident that the server is reachable, complete the wizard, and review the Healthcheck settings available in the Proxy / Backends section of the Web UI

SMTP Server–WebApp Secure can e-mail alerts to your administration team. While the appliance can serve as its own mail server, we recommend that you use a valid mail server for your network.

The following SMTP server configurations are supported for e-mail alerts.

Use the Wizard to configure SMTP servers, or in the main Web UI, navigate to Configuration > Services > SMTP settings and configure the following:

Note: After you enter the server information, click the Test SMTP Connection Settings link to make sure the server can be reached.

Figure 19: Wizard, Configure SMTP Settings

Wizard, Configure SMTP Settings

Alert Service–WebApp Secure can send alerts to an SNMP server or by e-mail to appropriate personnel. The alert service is optional, and defaults to No. If you choose not to activate alerts, the Wizard skips to the next section.

Figure 20: Wizard, Configure Alert Service

Wizard, Configure Alert Service

Figure 21: Wizard, Configure Alert Service

Wizard, Configure Alert Service

If you choose to activate alerts, you have the option of setting up the number of SNMP servers to alert and the number of e-mail addresses to which messages are sent. The default values to both are 0.

Figure 22: Wizard, Configure Alert Service , SNMP

Wizard, Configure Alert Service , SNMP

If you activate SNMP Alerts, the wizard prompts you for the server address and the port to which alerts are sent.

If you are configuring e-mail alerts, the following fields are required:

You are also given the option of having alerts sent on the weekend. You can build complex schedules by creating multiple entries for the same person. For example, admin@yourcompany.com could have an entry named admin-weekday that specifies 8 AM to 5 PM, M-F, and a second entry named adminweekend that specified 6 AM to 6 PM.

Figure 23: Wizard, Configure Alert Service , Email Contacts

Wizard, Configure Alert Service , Email Contacts

Note: Configuration of advanced features, such as encryption keys, are not available in the wizard.

Backups–WebApp Secure can perform regular, scheduled backups of all data. You can select backups using FTP or SSH.

Figure 24: Wizard, Configure Backup Service

Wizard, Configure Backup Service

The backup service lets you specify the following fields:

Spotlight Secure –Spotlight Secure is a cloud-based hacker device intelligence service that will identify individual attacker devices and track them in a global database. If you wish to enable Spotlight or change the Spotlight server that will be used, you may do so through the wizard.

Configure Spotlight Secure Server settings.

Figure 25: Wizard, Spotlight Secure

Wizard, Spotlight Secure

NTP Settings–Many functions within WebApp Secure rely on the system time being set properly. For this reason, it is strongly recommended that you set an NTP server so that WebApp Secure is aware of the correct time. If you have multiple NTP servers, you can add them after the wizard is complete. Suggested public NTP servers are provided for your convenience.

Enter NTP server information

Figure 26: Wizard, NTP Server

Wizard, NTP Server

Silent Running–Silent Running mode enables faster proof-of-concept deployments with minimal-to-no risk. When Silent Running mode is enabled, WebApp Secure will inject tar traps and honeypots, track users and attackers, but no counter responses will be deployed. You can also select specific counter responses that will not be silenced.

Enable Silent Running. Then select any exclusions. See Silent Running Mode for details.

Figure 27: Wizard, Silent Running

Wizard, Silent Running

Wizard Confirmation Page–Once you have completed the wizard's main steps, you will see the confirmation page. Here, there is a URL you can use to confirm that the appliance is performing correctly. You will also see the secret key the appliance generated for your backups. Whether WebApp Secure is storing backups locally or off-site, you must have this key.

Figure 28: Wizard, Confirmation Page

Wizard, Confirmation Page

Note: The key is actually a link. You may change the value of the key by clicking this link.

Note: Record the secret key and keep it someplace safe. If you run through System Initialization again, it will create a new key and you will lose access to your backups if you haven't recorded the old key. If you lose this key, Juniper Support will not be able to recover it or your backups.

Note: It is also worthwhile to record other configuration entries in the event that you perform a configuration re-initialization. engine.session.encryption_key and engine.session.initialization_vector are entries needed to maintain the data of currently active users on the protected application. It is best practice to write these down, as well. Once configuration initialization is done, these old values can be set again.