To manage the functions of the Web user interface (WebUI), you can configure the following attributes:
Enable Web Management Idle Timeout: Limit the length of administrative inactivity to a specified interval by selecting the check box and entering a number in the Minutes field. Clear the check box to prevent a session from terminating as a result of inactivity.
Max Login Attempts: Limit the number of failed login attempts. Enter the maximum number of authentication attempts a user is allowed when logging in to the device. The default is 3.
Enable Web Management Idle Timeout: Lock the account of any user for a specified period if the user's unsuccessful login attempts exceed the limit. Select the check box and enter a number in the Minutes field. The default is 1. Clear the check box to prevent user accounts from being locked.
Help Link Path: By default, the path to the online Help for the WebUI points to the Juniper Networks support site. Modify the path to a path on your local server or to the documentation CD that shipped with your product.
HTTP Port: Enter the port number to use to listen for HTTP requests. The default is 80.
Redirect HTTP to HTTPS (optional): Direct the security device to accept HTTP connection requests and redirect the sessions to HTTPS (HTTP over the Secure Sockets Layer).
Caution: If you select the Redirect HTTP to HTTPS check box, make sure you also select the following SSL check box. If you enable Redirect HTTP to HTTPS without enabling SSL, then you cannot access the WebUI.
SSL (optional): Enable the SSL protocol. SSL provides privacy and reliability between two communicating applications.
HTTPS (SSL) Port: Enter the port number to use for SSL. The default is 443.
Certificate: Select a valid certificate from the list. These are certificates that you previously requested and loaded (see Certificates under Objects in the WebUI menu).
Cipher: Select the cipher suite you want the security device to use to secure communications. The suite you select depends on your environment, the certificate keys in use, and your security requirements.
The four supported cipher suites represent a selection of cryptographic algorithms and parameters. We recommend you use the strongest cipher suite, 3DES_SHA-1, although it imposes some computational burden on the management station. The remaining three cipher suites are listed in the order of their strength: RC4_MD5, DES_SHA-1, and RC4_40_MD5. The RC4_40_MD5 suite is a 40-bit implementation of RC4 used in situations where USA export controls or locale-specific import restrictions do not permit longer keys.
Telnet Port: Enter the port number to use for Telnet requests. The default is 23.
Enable SSH (V2): Enable SSH version 2 (SSHv2) support. The security device can be configured globally to support SSHv1 or SSHv2. SSH provides strong authentication and secure communications—through encryption—over insecure channels. Administrative access to the CLI through SSH is enabled or disabled on a per-port basis.
Enable SCP: Enable Secure Copy (SCP). SCP provides a way of transferring files to or from the security device using SSH.
Port: Enter the port number for SSH requests. Enter a port number between 1024 and 32767. The default is 22.
Enable Device Reset: Enable device reset for asset recovery. By default, this feature is enabled. This option allows you to reset the security device to its factory default settings if the admin password is lost.
At the console connection, enter the device serial number for both the username and the password. This resets the security device to its factory defaults and deletes the current configuration.
Enable Hardware Reset: Enable hardware reset for asset recovery. This option allows physical reset of the security device. Depressing the button located behind the Reset pinhole in a specific pattern deletes the device configuration and reverts the device to its factory defaults.
Enable Key Protection: Enable key protection for improved security. Select this option to protect PKI private keys, preshared keys, and VPN manual keys against unauthorized access and modification. The security device encrypts the keys, checks the integrity of a key when the key is used, and destroys key memory with the different key patterns in the system. The key protection feature is disabled by default. For information about cryptographic key handling, see the Concepts & Examples ScreenOS Reference Guide, Volume 5, Virtual Private Networks.
Click Apply to save your settings.
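The dependencies among these fields (the Redirect HTTP to HTTPS caution, the cipher strength order, the SSH port range) can be checked on a planned settings sheet before it is applied. The following is an added example, not Juniper code: the dictionary keys are hypothetical names for the WebUI fields, the sample values are constructed, and the port-collision rule is a general TCP constraint rather than something this page states.

```python
# Added example. Dictionary keys are hypothetical names for the WebUI fields,
# not ScreenOS identifiers. Sample values below are constructed.
from collections import Counter

# Cipher suites, strongest first, in the order the page gives them.
CIPHERS = ["3DES_SHA-1", "RC4_MD5", "DES_SHA-1", "RC4_40_MD5"]

def check_webui_settings(s):
    """Return (severity, message) findings for a planned settings sheet."""
    out = []
    ssl_on = s.get("ssl", False)
    # Caution from the page: redirect without SSL makes the WebUI unreachable.
    if s.get("redirect_http_to_https", False) and not ssl_on:
        out.append(("error", "redirect to HTTPS selected but SSL is off"))
    if ssl_on:
        cipher = s.get("cipher")
        if cipher not in CIPHERS:
            out.append(("error", f"unsupported cipher suite {cipher!r}"))
        elif cipher != CIPHERS[0]:
            rank = CIPHERS.index(cipher) + 1
            out.append(("warn", f"{cipher} ranks {rank} of {len(CIPHERS)}; "
                                f"{CIPHERS[0]} is the recommended suite"))
    # SSH port: the default 22, or a value in the documented 1024-32767 range.
    ssh_port = s.get("ssh_port", 22)
    if ssh_port != 22 and not 1024 <= ssh_port <= 32767:
        out.append(("error", f"SSH port {ssh_port} outside 1024-32767"))
    # A cleared check box (None here) disables the control entirely.
    if s.get("idle_timeout_minutes") is None:
        out.append(("warn", "idle timeout off: sessions do not end on inactivity"))
    if s.get("lockout_minutes") is None:
        out.append(("warn", "account lockout off after failed logins"))
    # General TCP constraint (not stated on the page): listeners need distinct ports.
    ports = {"http": s.get("http_port", 80), "telnet": s.get("telnet_port", 23),
             "ssh": ssh_port}
    if ssl_on:
        ports["https"] = s.get("https_port", 443)
    counts = Counter(ports.values())
    for name, port in sorted(ports.items()):
        if counts[port] > 1:
            out.append(("error", f"{name} port {port} collides with another service"))
    return out

PLANNED = {  # constructed sample
    "redirect_http_to_https": True, "ssl": False, "cipher": "RC4_MD5",
    "ssh_port": 222, "idle_timeout_minutes": 10, "lockout_minutes": None,
    "http_port": 80, "telnet_port": 23,
}

if __name__ == "__main__":
    for severity, message in check_webui_settings(PLANNED):
        print(f"{severity:5} {message}")
```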