User Interface Access Control

You can limit computer access to the Clearswift Gateway Web Interface and Server Console Interface by specifying a set of rules for IP address or address ranges that are either denied or allowed access.

The Clearswift Gateway applies the first rule that matches the connecting address. To provide a default access rule, add a * entry at the end of the list.

If there are no entries in the list, the Clearswift Gateway allows all addresses to connect on HTTPS. If you place entries in the list, the Clearswift Gatewaydenies access to any addresses that do not match an entry in the list. We recommend that you provide a default policy by adding a "* Deny" entry at the bottom of the list. We recommend that you do not use a proxy to access the Web Interface.

To add user interface access rules:

1. From the System Center Home page, click System Settings.

   The System Settings page is displayed.

2. Click User Interface  Access Control to display the User Interface Access Control page.
3. Click New adjacent to the Hosts heading. The Add Host dialog appears in the task panel.

4. In the Add Host dialog, specify a host IP address or IP address range. You can specify a range of IP addresses using an asterisk (*) to represent an octet consisting of any numbers. Use one of the following formats to define an IP address range:

   nnn.nnn.nnn.*

   nnn.nnn.*

   nnn.*

   You may not specify anything after the asterisk.

   You can deny (or allow) all external hosts by entering a single asterisk character *. This action will not apply to hosts which have already been specified access.

5. Indicate whether the specified address or range of addresses is to be denied or allowed access.
6. Click Add. The Clearswift Gateway adds the rule to the Access Controls list.
7. Repeat steps 3 to 6 as required for additional hosts.

8. If necessary, change the relative priority of the rules:

   • Select an entry in the list.
   • Click or , as required.
9. Apply the new configuration.

You might want to include (and allow) the IP address of your firewall in the list of user interface access rules. This allows ICMP traffic, which may be blocked if the firewall is unrecognized.

To edit a user interface access rule:

1. From the System Center Home page, click System Settings. The System Settings page appears.
2. Click User Interface Access Control to display the User Interface Access Control page. This lists the existing access rules.
3. To change the relative priority of an entry:

• Select an entry in the list.
• Click or , as required.

4. To edit the details of an entry:

• Select the entry you wish to modify.
• Click Edit adjacent to the Hosts heading.
• In the Edit Host dialog, specify a host IP address or IP address range. You can specify a range of IP addresses using an asterisk (*) to represent an octet consisting of any numbers. For examples, see step 4 above.
• Indicate whether the specified address or range of addresses is to be denied or allowed access.
• Click Update. The Clearswift Gateway adds the change to the Access Controls list.

5. To remove an entry from the list:

• Select the entry you wish to remove.
• Click Delete adjacent to the Hosts heading.
• Click Yes on the Confirm Delete dialog.

6. To change access permission:

   • Select the entry you wish to change.
   • Click Allow or Deny adjacent to the Hosts heading.
7. Apply the new configuration.

To enable auto-completion of credentials:

1. From the System Center Home page, click System Settings. The System Settings page appears.
2. Click User Interface Access Control to display the User Interface Access Control page. This lists the existing access rules.
3. Move the mouse-pointer over the Browser Auto-Complete Settings area and click Click here to change these settings.
4. Select the checkbox to Enable browser auto-completion of login credentials. This enables the browser to auto-complete the login credentials of allowed users.
5. Apply the new configuration.

See also...

• Apply the new configuration