1.1.1 Basic configuration wizard

Introduction

When trying to access the Web Management Console for the first time, you are to complete a basic configuration wizard in order to be able to use the product. The Web Management Console will be available only after you have successfully finished this wizard.

images/download/attachments/20953980/Screenshot_from_2018-08-15_12-40-31.png

To start the wizard click CONTINUE.

Sensitive information

This wizard may transfer sensitive information over an unencrypted connection. Always use this wizard on a secure, closed network or localhost, and with care!

Basic configuration steps

End-User License Agreement

images/download/attachments/20953980/Screenshot_from_2018-08-15_12-40-47.png

In the first page you can find the End-User License Agreement. You have to accept the terms before moving on. Please read through the EULA carefully and if you agree with it, check I ACCEPT THE TERMS IN THE LICENSE AGREEMENT and click NEXT to continue.

Admin User Setup

The next step is to set up an administrator account. This account will be the first one being able to access the Web Management Console and to create accounts for other users. You have to fill all fields in this page to be able to move forward. When you are done, click NEXT to continue.

User directory

The administrator account, that is created via the basic configuration wizard, is always added to the LOCAL user directory as a member.

The following information is required for the administrator account:

ACCOUNT NAME

The unique name of the account that is used at the time of login and in log messages for accountability.

ACCOUNT DISPLAY NAME

Name of the person bound to this account. This name (appended to the name of the account's user directory) is displayed in the top right corner of the Web Management Console.

PASSWORD

Password of the user bound to this account that is used at the time of login.

Passwords sent clear-text

As long as TLS is not configured for the basic configuration wizard, passwords are sent clear-text over the network and may be disclosed to unauthorized parties.

As a mitigation action:

  1. Either use the wizard on localhost or on a direct network connection, or

  2. Enable TLS as soon as possible and change the password immediately if it has already been set.

EMAIL

Email address of the person bound to this account.

images/download/attachments/20953980/Screenshot_from_2018-08-15_12-41-31.png

License activation

For license activation details see 2.4.1 Activating MetaDefender ICAP Server licenses.

Create Core Server Profile

images/download/attachments/26167829/Screenshot_from_2018-08-15_12-42-15.png

In this step you can create a basic Core server profile which will be used for connecting to a MetaDefender Core instance so your traffic can be scanned and sanitized. You should give a name for the profile (e.g. "My MetaDefender Core"), set the address of your MetaDefender Core instance and choose a rule from the list. In order to go to the next step the wizard will check if a connection can be made to the address provided. If the connection seems fine a NEXT button will appear in the place of the TEST button and you can continue the configuration process by clicking on it.

By skipping this step the wizard won't be able to create a security rule later however you will still be able to create a Core server profile and a security rule in the product after the wizard is finished. You will also have the chance to modify the profile created in the wizard with more advanced configuration possibilities later. For more information on server profiles please see 3.9 Server profiles.

Security Rule

images/download/attachments/26167829/Screenshot_from_2018-09-04_11-08-07.png

If you have successfully finished creating a Core server profile your next step will be creating a security rule. In the wizard all you have to do is to choose a name for it and it will be generated using the previously created Core server profile as the one for scanning. You can have more advanced settings for it later, see 4.2 Security rules.

Click NEXT to continue the configuration process.

Wizard completion

After you have completed every steps you are ready to finish the wizard and start using the product. Click the FINISH button to complete the wizard.

The product's service will be restarted and the browser will be redirected to the Web Management Console. This could take several seconds.

You can login to the Web Management Console with the administrator user that have just been created in the previous steps.

images/download/attachments/20953985/Screenshot_from_2018-08-15_12-46-01.png

Transport Layer Security

Transport Layer Security (TLS) is a cryptographic protocol that provides communications security over a computer network. Websites, like the Web Management Console, are able to use TLS to secure all communications between their servers and web browsers.

The TLS protocol aims primarily to provide confidentiality (privacy) and data integrity between two communicating computer applications.

No TLS for the wizard

By default, TLS is not enabled for the basic configuration wizard. As a consequence sessions between the wizard's backend and the browser may be insecure.

Performing the same steps as for the Web Management Console, it is possible to set up TLS for the basic configuration wizard. Remember completing the TLS setup before launching the wizard.

For instructions to set up TLS see 3.2 Configuring TLS.