Cisco ACE Web Application Firewall Getting Started Guide (Software Version 6.0) - Accessing the Manager Web Console [Cisco ACE Web Application Firewall]

Table Of Contents

Accessing the Manager Web Console

Logging In to the Manager Web Console

Navigating the Manager Web Console

Accessing the Manager Web Console

The ACE Web Application Firewall Manager web console is the policy development and administration interface for the system. The web console includes tools and wizards that significantly ease the task of securing web applications. After the Firewall and Manager are installed on the network, for most practical purposes, they can be configured and administered exclusively from the Manager web console.

The ACE Web Application Firewall Manager web console works with recent browser versions. It is specifically supported on Mozilla Firefox 1.5.0.x and 2.0.0.x and on Microsoft Internet Explorer 5.5 and 6. JavaScript must be enabled in the browser for many web console features to work properly.

Logging In to the Manager Web Console

To access the ACE Web Application Firewall Manager web console from a browser:

Step 1 In the address field of the browser, enter the URL for the console: https://<host>:8243

Where <host> is the IP address or hostname you configured for the ACE Web Application Firewall Manager in the "Performing the Initial Configuration" section on page 3-10. Note that you need to connect to the Manager web console by secure HTTP (HTTPS). Also, as shown, the default port on which the Manager publishes the web console is port 8243.

Step 2 Accept the temporary certificate to view the login dialog box.

Figure 4-1 Manager Login

Step 3 Take the following steps in the login dialog box:

a. If the login box displays a Cluster menu, leave it set to the Default Cluster setting unless your system administrator tells you to use another setting.

b. In the login fields, enter a valid username and password:

–For a new installation, enter administrator as the username (case-sensitive) with the default password swordfish.

–If the default password has been changed, enter the username and password assigned to you by the system administrator.

One of the first tasks required for starting a production-level project is to create user accounts in the web console for each person or group participating in the project. For evaluation or trial development, however, you may wish to use the pre-existing administrator account.

Keep in mind that the administrator account in the web console is a different user account (usually with a different password) from the root account used to access the appliance Shell interface, as described in Chapter 3, "Performing the Initial Setup."

c. Click the Log In button.

If your system has not been pre-configured with a valid license key, a message appears notifying you that you need to update the product license. In this event, install a license as described in the following step. If licensed, the Welcome page appears.

Step 4 If you need to install a license, take these steps:

a. Locate the license file provided to you and copy its contents to your system clipboard. You should have a license for each appliance in your installation.

b. Click the License Management link at the bottom of the license error page.

c. Click the edit link next to the Manager and paste the license text into the License File field. Click Save Changes.

d. Perform the task for each Firewall administered by this Manager.

If you do not have a product license, refer to the Cisco ACE Web Application Firewall Administration Guide for information on acquiring a product licenses.

Once the Manager is licensed, you can access all areas of the ACE Web Application Firewall Manager web console and proceed with the policy configuration.

Navigating the Manager Web Console

When you log into the web console with an empty policy (that is, a policy in its initial state), a welcome page appears. From the welcome page, you can start configuring the Firewall policy in the console. After the policy contains objects for handling traffic, the default login page is the Dashboard.

Figure 4-2 shows the Dashboard and highlights the main elements of the web console interface.

Figure 4-2 ACE Web Application Firewall Manager web console

The primary components of the interface are:

•The properties page shows status information and configuration settings for a particular aspect or behavior of the system. In the case of the Dashboard, the properties page shows statistics for traffic handlers in the policy, as in Figure 4-2. For a new installation, the Dashboard will be empty.

•The navigation menu provides access to the various property pages of the console.

•The status bar provides access to common operations in the console, such as deploying or switching subpolicies (a policy can be organized into multiple parts, called subpolicies).

This guide contains detailed, click-by-click steps for performing various configuration tasks. Be aware that there is usually more than one way to navigate the console to accomplish a task. As you follow these steps, feel free to explore the web console interface and use the navigation path you prefer.

	Cisco ACE Web Application Firewall Getting Started Guide (Software Version 6.0)
	Accessing the Manager Web Console
Cisco ACE Web Application Firewall Getting Started Guide (Software Version 6.0) Preface About the ACE Web Application Firewall Before Starting Performing the Initial Setup Accessing the Manager Web Console Virtualizing a Web Application Deploying and Testing the Policy Working with Firewall Profiles Using the Logs Creating Request Match Filters Monitor Mode Fine-Tuning Firewall Rules Securing HTTP Cookies Rewriting Response Content HTTP Error Response Mapping Server Header Masking Preventing Cross-Site Scripting Attacks	Download this chapter Accessing the Manager Web Console Download the complete book ACE Web Application Firewall Getting Started Guide Book-Length PDF (PDF - 3 MB) Feedback Table Of Contents Accessing the Manager Web Console Logging In to the Manager Web Console Navigating the Manager Web Console Accessing the Manager Web Console The ACE Web Application Firewall Manager web console is the policy development and administration interface for the system. The web console includes tools and wizards that significantly ease the task of securing web applications. After the Firewall and Manager are installed on the network, for most practical purposes, they can be configured and administered exclusively from the Manager web console. The ACE Web Application Firewall Manager web console works with recent browser versions. It is specifically supported on Mozilla Firefox 1.5.0.x and 2.0.0.x and on Microsoft Internet Explorer 5.5 and 6. JavaScript must be enabled in the browser for many web console features to work properly. Logging In to the Manager Web Console To access the ACE Web Application Firewall Manager web console from a browser: Step 1 In the address field of the browser, enter the URL for the console: https://<host>:8243 Where <host> is the IP address or hostname you configured for the ACE Web Application Firewall Manager in the "Performing the Initial Configuration" section on page 3-10. Note that you need to connect to the Manager web console by secure HTTP (HTTPS). Also, as shown, the default port on which the Manager publishes the web console is port 8243. Step 2 Accept the temporary certificate to view the login dialog box. Figure 4-1 Manager Login Step 3 Take the following steps in the login dialog box: a. If the login box displays a Cluster menu, leave it set to the Default Cluster setting unless your system administrator tells you to use another setting. b. In the login fields, enter a valid username and password: –For a new installation, enter administrator as the username (case-sensitive) with the default password swordfish. –If the default password has been changed, enter the username and password assigned to you by the system administrator. One of the first tasks required for starting a production-level project is to create user accounts in the web console for each person or group participating in the project. For evaluation or trial development, however, you may wish to use the pre-existing administrator account. Keep in mind that the administrator account in the web console is a different user account (usually with a different password) from the `root` account used to access the appliance Shell interface, as described in Chapter 3, "Performing the Initial Setup." c. Click the Log In button. If your system has not been pre-configured with a valid license key, a message appears notifying you that you need to update the product license. In this event, install a license as described in the following step. If licensed, the Welcome page appears. Step 4 If you need to install a license, take these steps: a. Locate the license file provided to you and copy its contents to your system clipboard. You should have a license for each appliance in your installation. b. Click the License Management link at the bottom of the license error page. c. Click the edit link next to the Manager and paste the license text into the License File field. Click Save Changes. d. Perform the task for each Firewall administered by this Manager. If you do not have a product license, refer to the Cisco ACE Web Application Firewall Administration Guide for information on acquiring a product licenses. Once the Manager is licensed, you can access all areas of the ACE Web Application Firewall Manager web console and proceed with the policy configuration. Navigating the Manager Web Console When you log into the web console with an empty policy (that is, a policy in its initial state), a welcome page appears. From the welcome page, you can start configuring the Firewall policy in the console. After the policy contains objects for handling traffic, the default login page is the Dashboard. Figure 4-2 shows the Dashboard and highlights the main elements of the web console interface. Figure 4-2 ACE Web Application Firewall Manager web console The primary components of the interface are: •The properties page shows status information and configuration settings for a particular aspect or behavior of the system. In the case of the Dashboard, the properties page shows statistics for traffic handlers in the policy, as in Figure 4-2. For a new installation, the Dashboard will be empty. •The navigation menu provides access to the various property pages of the console. •The status bar provides access to common operations in the console, such as deploying or switching subpolicies (a policy can be organized into multiple parts, called subpolicies). This guide contains detailed, click-by-click steps for performing various configuration tasks. Be aware that there is usually more than one way to navigate the console to accomplish a task. As you follow these steps, feel free to explore the web console interface and use the navigation path you prefer.
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks