CacheGuard-OS
User's Guide - Version UF-2.2.2


Administration Interfaces

This section describes how to connect to a CacheGuard appliance in order to configure and administrate it. Three configuration/administration interfaces are available in a CacheGuard appliance: Each interface is detailed below.

The Console port

The console port is the main interface of a CacheGuard appliance. It is either a serial port (male DB9 RS232) or simply a Screen/Keyboard connected to the appliance. To use the serial port, link up your CacheGuard appliance serial port and your workstation serial port using a crossed serial cable. Then you can use your favourite terminal emulator (putty, minicom, screen...) to connect to your CacheGuard appliance. Serial communications with a CacheGuard appliance should use the following configurations: 115200 8N1 (115200 baud rate, 8 data bits, None parity, 1 stop bit).

The console port is the most secure and available administration interface in a CacheGuard appliance. Note that after the installation, the only available administration interface is the console port. To give remote administration access to an administrator for the first, you must use the console port (access admin command).

An administrator must be authenticated before connecting to the system. The "admin" user is the main administrator with the highest administration level. Other administrator users with less privileges can be added to the system using the command admin user. You must login as the "admin" user for the first to connect to the appliance. The password to use is the password that you setup during the installation (the default password for pre installed CacheGuard appliances is "admin"). Please refer to the Administrator Users section of this documentation for further information on administrator users.

The administration/configuration process via a character interface (console port or SSH) is made using the CLI (Command Line Interface). To see the list of all available commands, use the help command without any arguments. To get help on how to use a command, use the help command followed by that command name. If you forget the syntax of a command, a completion facility can help you to find its right syntax to use. The completion is available by using the <TAB> keyboard key.

When using a character interface, the administrator has the ability to create mini-programs using a light-weight "bash" (an open source scripting language). Finally, you can use the history command to get an history of previously typed commands. To disconnect from the console port, use the exit command. The connection is also automatically closed if no command is typed for a certain period of time.

Web Administration GUI

For those who are not familiar with a CLI (Command Line Interface) or simply prefer a GUI (Graphical User Interface), a Web administration GUI is available. To connect to the Web administration GUI you need a Web browser. CacheGuard supports almost all modern Wen browsers in the market such as, but not limited to, Firefox, Chrome, Safari, Opera and Edge. Before being able to connect to a CacheGuard appliance via a Web browser, the Web administration GUI should be activated on the appliance and the remote administrator IP must be allowed to connect.

To activate the Web administration GUI on the appliance and allow remote administrators in the network "10.20.0.0 255.255.255.0" to connect to the appliance via its internal network interface, use the following commands:

Once the apply operation is finished, the appliance can be administrated using a Web browser. To connect to the Web administration GUI, use the following URL: "https://10.20.0.254:8090" where 10.20.0.254 is the internal IP address of the appliance. Note that the used protocol is HTTPS (and not HTTP). The default Web administration GUI port number is 8090. To modify this value you can use the port wadmin command. By default, the password for the Web administration GUI is the same as the password used to login via the console port. It is recommended that you create a separate password for the Web administration GUI as opposed to the password used for character interfaces (using the password wadmin command).
The Web administration GUI is a graphical front end to the CLI and can replace the CLI or be used in parallel with it. Using the Web administration GUI is very straightforward: in a first step you build a configuration using different Web pages available via menus and then you activate it by performing an apply operation (as this is the case with the CLI).

When the running (active) configuration is different from a newly built configuration, a blinking down arrow button appears in the title bar inviting you to press on it. Pressing on that icon forwards you to the Apply New Configuration page where you can proceed with the apply operation by pressing the SUBMIT button (or on the green check icon in the title bar) ; it’s that simple. The Web administration GUI is not detailed in the User’s Guide as we hope that its usage is as friendly as straightforward to do not require a detailed documentation.

Secure Shell (SSH)

The appliance can also be remotely administrated using an SSH client. When logged in via an SSH client, the administrator can use the CLI to administrate and configure the appliance. To use the SSH administration interface you should use an SSH client installed on your workstation (Linux ssh command or the Putty application).

To use the SSH administration interface, remote administrators should be allowed to access the appliance and the SSH service should be activated on the appliance. To activate the SSH service on the appliance and allow remote administrators in the network 10.20.0.0 255.255.255.0 to connect to the appliance via its internal network interface, use the following commands:

Once the apply operation is finished, the appliance can be administrated via an SSH client. To connect to a remote CacheGuard appliance from a Linux system, use the "ssh admin@10.20.0.254" command where 10.20.0.254 is the internal IP address of the remote CacheGuard appliance. The SSH password to use is the same as the password used to login via the console port. It is also possible to import a public SSH key into a CacheGuard appliance to be able to connect to it without having to enter the administrator password. Among other things, using an SSH key allows you to automate periodic tasks such as a system backup (see the system backup command).

The process of generating SSH keys depends on the used remote workstation. For instance, to generate an SSH key pair (public and private) on a Linux system you can use the "ssh-keygen" command. To import a public SSH key into a CacheGuard appliance, you should first copy it on a file server supporting TFTP, FTP or SFTP protocols and then load it into your CacheGuard appliance from that file server (you can also run that file server on your workstation). Only trusted file servers are allowed to exchange files with a CacheGuard appliance. To add the file server having the 10.20.0.1 IP address to the list of trusted file servers and allow it to exchange files via the internal network interface of a CacheGuard appliance, use the following commands:

Each SSH key must be identified with a unique identifier that you should specify prior to import it into a CacheGuard appliance. To add an SSH key identified by the john identifier and import it into your CacheGuard appliance from a trusted TFTP file server, use the following commands: where 10.20.0.1 and id_rsa.pub are respectively the file server IP address and the SSH key filename on that trusted file server. After having imported a public SSH key into a CacheGuard appliance, an allowed remote administrator having the private SSH key associated to that imported public SSH key can login without having to enter a password.

To disconnect an SSH session use the exit command. The SSH session is also automatically closed if no command is typed for a certain period of time.