Configuring the Guardium portal

From the Guardium Portal page, you can reset the port for the Guardium® appliance web server, import SSL certificates, and configure authentication for your Guardium system users.

To open the Guardium Portal page, click Setup > Tools and Views > Portal.

Setting the port number

You can keep the Guardium appliance web server on its default port (8443) or reset the port. Guardium recommends that you use the default port.

  1. If not selected, select the Active on Startup checkbox (make sure that Active on Startup is always enabled).
  2. Set the HTTPS Port to an integer value in the range 1025 - 65535.
  3. Click Apply to save the value. (The Guardium security portal does not start listening on this port until it is restarted.) Or click Revert to restore the value that is stored by the last Apply operation.
  4. Click Restart to restart the Guardium web server if you made and saved any changes. You can now connect to the unit on the newly assigned port.
    Note: To reconnect to the unit after it restarts with the new port number, change the URL that opens the Guardium Login page on your browser.

For more information about Guardium ports, see Guardium port requirements.

Importing SSL certificates

Use Import Certificate to import self-signed certificates with private keys.

Before you begin, generate certificates for each Guardium system, and store them locally.

Certificates can be generated in two formats:
  • PKCS 12
  • PEM
Note: After the certificates are imported, the GUI must be restarted for the changes to take effect.
  • To import a PKCS 12 certificate:
    1. Select Import PKCS 12 certificate.
    2. Select Browse, and then browse to the certificate stored on your local system.
    3. In the Password field, enter your PKCS 12 file's password.
    4. In the Certificate alias field, enter the certificate's alias.
    5. Click Import. In the confirmation dialog, click Yes to restart the GUI. To restart the GUI later, click No.
    Note: PKCS 12 certificates can be imported only through the GUI.
  • To import a PEM certificate:
    1. Select Import PEM certificate.
    2. In the PEM certificate field, paste your certificate. Include the markers "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
    3. In the PEM private key field, paste your certificate's key. Include the markers "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----".
    4. Click Import. In the confirmation dialog, click Yes to restart the GUI. To restart the GUI later, click No.
    Note: You can also import PEM certificates from the CLI. For more information, see Store certificates with private key.
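
A pre-import check for the PEM procedure above, added here as an example (it is not part of the Guardium product or its documentation): it confirms that both pasted blocks carry the markers this page lists and that the private key belongs to the certificate. It assumes an RSA key in the unencrypted "RSA PRIVATE KEY" form; all function names are hypothetical, and only the Python standard library is used.

```python
import base64, re

def pem_to_der(text, label):
    """Decode the first PEM block that carries exactly the given markers."""
    m = re.search(rf"-----BEGIN {label}-----(.*?)-----END {label}-----", text, re.S)
    if not m:
        raise ValueError(f"missing BEGIN/END {label} markers")
    # validate=True rejects non-base64 lines such as encrypted-key headers
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, value_start, value_end) for each element in [start, end)."""
    while start < end:
        tag, s, start = tlv(buf, start)
        yield tag, s, start

def key_modulus(der):
    """PKCS#1 RSAPrivateKey is SEQUENCE { version, modulus, ... }."""
    _version, (_, ns, ne) = list(children(der, *tlv(der, 0)[1:]))[:2]
    return int.from_bytes(der[ns:ne], "big")

def cert_modulus(der):
    """Walk Certificate -> tbsCertificate -> subjectPublicKeyInfo -> modulus."""
    s = tlv(der, 0)[1]
    fields = list(children(der, *tlv(der, s)[1:]))
    if fields[0][0] == 0xA0:  # optional explicit [0] version field
        fields = fields[1:]
    _alg, (_, bs, _) = list(children(der, *fields[5][1:]))[:2]
    tag, s, _ = tlv(der, bs + 1)  # skip the BIT STRING unused-bits octet
    if tag != 0x30:
        raise ValueError("certificate public key is not RSA")
    _, ns, ne = tlv(der, s)  # first INTEGER of RSAPublicKey is the modulus
    return int.from_bytes(der[ns:ne], "big")

def check_pair(cert_pem, key_pem):
    """Return a list of problems; an empty list means the pair is consistent."""
    try:
        cert_n = cert_modulus(pem_to_der(cert_pem, "CERTIFICATE"))
        key_n = key_modulus(pem_to_der(key_pem, "RSA PRIVATE KEY"))
    except (ValueError, IndexError) as exc:
        return [str(exc)]
    return [] if cert_n == key_n else ["private key does not match the certificate's public key"]
```

Call `check_pair` with the contents of the two files on the system that already stores the key; an empty list means the markers are present and the key matches the certificate.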

Configuring authentication

Authentication defines the way user passwords are authenticated when users log in to the Guardium appliance. From the Portal page, select one of the following authentication configurations:

  • Local (the default) - A login and password for a specific user is defined from the accessmgr role on the Guardium accessmgr account.
  • RADIUS - Allow login authentication through a RADIUS server. The RADIUS/RSA server is defined by using both a password and a SecurID token number. The SecurID token numeric password is displayed on a hardware token.
  • LDAP - Allow login authentication when the password is defined and stored on a specified lightweight directory access protocol (LDAP) server.
  • Smart Card - Require login to the Guardium UI using a smart card.
  • Single sign-on SAML - Allows access to multiple web-based applications using one set of login credentials.
For more information about user authentication, see Configuring authentication. For more information about smart card authentication, see Enabling smart card authentication.

Configuring multi-factor (two-factor) authentication

Multi-factor (or two-factor) authentication (MFA) adds an extra layer of security to your Guardium user accounts. Guardium supports DUO and RSA SecurID authentication engines. For more information about configuring your system for multi-factor authentication, see Configuring multi-factor authentication.