Remote Admin

From UntangleWiki

Jump to: navigation, search

Untangle Server User's Guide

Contents

[edit]

Enabling Remote Access To Untangle Server

Outside Access is access whereby someone can connect to the Untangle Server and applications from outside the protected network. Someone from the DMZ is considered outside. All traffic passes over a secure (SSL) connection. Internal Remote Administration is access whereby someone can connect to the Untangle Server and applications from within the protected network either through http or https. Internal accesss using https is always enabled, and cannot be disabled.

Figure, Enabling Remote Access To Untangle Server
Figure, Enabling Remote Access To Untangle Server

To enable Outside remote access to the Untangle Server:

  1. From the Navigation Pane, click the Config tab > Remote Admin.
  2. Click the Access tab, then the Restrictions tab.
  3. Select the Enable Outside Administration check box.
  4. Do one of the following, as shown in Figure, Enabling Remote Access To Untangle Server:
    • If you want to restrict access from a set of computers, click the Restrict radio button, and provide the IP addresses and netmask for the computers.
    • If you do not want to restrict access from a set of computers, click the Allow radio button.
  5. Click the Save Settings button.
  6. If your Untangle Server is a bridge and not a router, do the following as shown in Figure, Assigning Public IP Address:
    1. Click the Public Address tab.
    2. Select the Enabled radio button.
    3. Type in the IP Address of the router.
    4. If port 443 is in use by another system, choose a different port; otherwise, accept the default and click Save Settings. If you do not know which port to use, accept the default.
    5. Click the Save Settings button.
    6. Go to your router and create a rule to forward all traffic destined for port 443 to the Untangle Server.

Next Step: Ensure that you can log on remotely. Go to Logging On To Untangle Server.

Top

[edit]

Restricting Remote Access To Untangle Server

To restrict Outside remote access to the Untangle Server:

  1. From the Navigation Pane, click the Config tab > Remote Admin.
  2. Click the Access tab, then the Restrictions tab.
  3. Clear the the Enable Outside Administration check box.
  4. Click the Save Settings button.

Top

[edit]

Specifying Untangle Server's Public (Internet) Address

Is your Untangle Server behind an existing router? If so, that router provides Internet access to your network, and not your Untangle Server. Therefore, the Untangle Server needs to know the IP address for that router because some applications send URL links that require the correct external address. For example, the public address is used in quarantine emails and report emails so the user can always use the URL that is embedded inside the email.

For instance,

  • If you have Router (w/NAT) -> Untangle -> Local Network, specify the public address of the router into the Untangle Server (and add a port forward to the router) in order to access the Untangle Server from the emails.
  • If the Untangle Server is on the edge of the network, and it has a dynamic address, the best solution is to use something like Dyndns to get a Dynamic DNS entry so that you can always use the hostname.

Although redundant, you can set up an Untangle Server behind a router or other network device that redirects or port forwards traffic (Redirecting External and Internal Traffic) to the Untangle Server. For example, such a device can redirect all traffic on its IP address for port 443 to the Untangle Server's port 443. In such a scenario, the Untangle Server's address is not the address used from the Internet (the public address). In this case, from outside the corporate network, you cannot access the Untangle Server unless you specify, on the Untangle Server, the IP address and port that will be used for Internet access.

Note: The default port for external access is 443. It is permissible to use a port other than 443 on the Untangle Server, but the device performing redirection must honor 443 as the external mapping.

To change Untangle Server's public address:

  1. From the Navigation Pane, click the Config tab > Remote Admin.
  2. Click the Access tab, then Public Address tab.
  3. Select the Enabled radio button.
  4. Specify the IP address and port that will be used for Internet access to the Untangle Server, and click the Save Settings button.
Figure, Assigning Public IP Address
Figure, Assigning Public IP Address

Next Step: If you want to enable remote access to the Untangle Server, go to Enabling Remote Access To Untangle Server.

Top

[edit]

Enabling SNMP Monitoring

SNMP is a protocol typically used by Managed Service Providers (MSPs) to monitor and manage systems. Untangle Server follows SNMP standards for its SNMP support. As such, Untangle Server should work with any SNMP monitoring tool so long as that tool adheres to the standard. When a tool has a unique implementation, Untangle provides the vendor connectors to work with Untangle Server. If you'd like to see Untangle produce an extensive monitoring tool, or you currently use a third-party tool that you love, let us know!

Here are some example tools that work with Untangle Server (again, any tool that adheres to the SNMP standard should work with Untangle Server):

SNMP management applications provide the following operations:

  • System-initiated Monitoring operations: GET, GETNEXT, GETBULK. The managing system (for example, Net-SNMP) can retrieve information from the agent (Untangle Server's SNMP agent) using these operations.
  • Agent-initiated Monitoring operations: TRAP, and INFORM. The agent (Untangle Server's SNMP agent) sends data to the managing system (for example, Net-SNMP) without being asked using these operations.
  • Configuration operations: SET

Untangle Server supports access to its UTMs (Untangle Server's software products; also called nodes by developers). In the future, Untangle Server will provide statistics on the Untangle Virtual Machine. Untangle Server does not support configuration operations at this time, but does support all monitoring operations, including traps.

In order for the SNMP agent to query for statistics, the Untangle Server must generate the snmpd.conf file (not snmpconf because that file is for Windows systems, and Untangle Server is a Linux system), then start the SNMP daemon. To do so, you must enable SNMP monitoring.

To learn about Untangle Server's MIB tree and OIDs and SNMP agent, go to SNMP Technical Documentation on Developer Wiki.

To enable SNMP monitoring:

  1. From the Navigation pane, choose Config > Remote Admin. The Remote Admin Config windows launches.
  2. Click the Monitoring tab, then the SNMP tab.
  3. Click the Enable SNMP Monitoring radio button and, optionally, Enable Traps radio button. Traps are rarely used today, but Untangle Server provides this functionality for special configurations.
  4. Type the appropriate configuration information, then click Save Settings.
Community (Get) This community is for a Get* operation, which is the most common method of communication. An SNMP community is the group to which devices and management stations running SNMP belong. The SNMP community defines where information is sent. The SNMP community acts as a password. Untangle Server will not respond to requests from management system that do not belong to its community. By default, this community is untangle.
System Contact Email address of the System Administrator that should receive SNMP messages.
System Location Description of the system's location. Simply use the default if you don't want to specify a location.
Community (Traps) This community is for a Trap or Inform operation, which is a rare method of communication. An SNMP community is the group to which devices and management stations running SNMP belong. The SNMP community defines where information is sent. The SNMP community acts as a password. Untangle Server will not respond to requests from management stations that do not belong to its community. By default, this community is untangle.
Host The host name or IP address of the management system that is authorized to receive statistics from the Untangle Server.
Port The default port for SNMP traps is 162.

Top

[edit]

Enabling Syslog Monitoring

Some syslog products are easier to set up then others. Kiwi is a third-party application that monitors syslog messages, and that is a favorite of many Untangle Server users.

To enable Syslog monitoring:

  1. From the Navigation pane, choose Config > Remote Admin. The Remote Admin Config windows launches.
  2. Click the Monitoring tab, then the Syslog tab.
  3. Click the Enable radio button.
  4. Type the appropriate configuration information, and click the Save Settings button.

Top

[edit]

Restarting Untangle Server

You can restart or reboot the Untangle Server without physical access to the system.

To reboot the Untangle Server:

  1. From the Navigation pane, choose Config > Remote Admin. The Remote Admin Config windows launches.
  2. Click the Manual Reboot tab, and click the Reboot button.

Top

[edit]

Related Topics

Retrieved from "http://wiki.untangle.com/index.php/Remote_Admin"
Personal tools