This section describes the Admin WUI Access fields (Certificates & Security > Admin WUI Access).

Supported TLS Protocols

Checkboxes are provided here which can be used to specify whether or not it is possible to connect to the LoadMaster WUI using the following protocols; TLS1.2 and TLS1.3. TLS1.2 and TLS1.3 are enabled by default. When connecting to the WUI using a web browser, the highest security protocol which is mutually supported by both the browser and the WUI is used.

WUI Cipher set

Select the relevant cipher set to use for WUI access. For information on each of the cipher sets available, refer to the Cipher Sets section.

WUI Session Management

When using a FIPS LoadMaster, Session Management is enabled and cannot be disabled.

Users with the 'All Permissions' permission set can view the Enable Session Management, Require Basic Authentication and the Basic Authentication Password fields. However, users with the 'All Permissions' permission set can configure the Failed Login Attempts and Idle Session Timeout values.

Users with the 'User Administration' permissions set can view the screen but all buttons and input fields are greyed out.

All other users cannot view the WUI Session Management, Currently Active Users or Currently Blocked Users sections of the WUI Configuration screen.

It is possible to use one or two steps of authentication.

If Require Basic Authentication is disabled, users only need to log in using their local username and password. Users are not prompted to log in using the bal or user logins.

If the Require Basic Authentication check box is enabled, there are two levels of authentication enforced to access the LoadMaster WUI. The initial level is Basic Authentication where users log in using the bal or user logins, which are default usernames defined by the system.

Once logged in using Basic Authentication, the user then must log in using their local username and password to begin the session.

Enable Session Management

Session Management is enabled by default and cannot be disabled when using a FIPS LoadMaster. This will force all users to login to the session using their normal credentials.

The user is required to log in to continue to use the LoadMaster.

Note: LDAP users need to login using the full domain name. For example, an LDAP username should be test@progress.com and not just test.

After a user has logged in, they may log out by clicking the Logout button in the top right-hand corner of the screen.

Require Basic Authentication

If Basic Authentication is enabled, there are two levels of authentication enforced to access the LoadMaster WUI. The initial level is Basic Authentication where users log in using the bal or user logins, which are default usernames defined by the system.

Once logged in using Basic Authentication, the user then must log in using their local username and password to begin the session.

Basic Authentication Password

The Basic Authentication password for the user login can be set by typing the password into the Basic Authentication Password text box and clicking Set Basic Password.

The password must be at least 8 characters long and should be a mix of alpha and numeric characters. If the password is considered to be too weak, a message appears asking you to enter a new password.

Only the bal user is permitted to set the Basic Authentication Password.

Failed Login Attempts

The number of times that a user can fail to login correctly before they are blocked can be specified within this text box. The valid values that may be entered are numbers between 1 and 999.

If a user is blocked, only the bal user or other users with All Permissions set can unblock a blocked user.

If the bal user is blocked, there is a 'cool-down' period of ten minutes before the bal user can login again. The bal user is unblocked if there are no login attempts at all for 10 minutes.

Idle Session Timeout

The length of time (in seconds) a user can be idle (no activity recorded) before they are logged out of the session. The valid values that may be entered are numbers between 60 and 86400 (between one minute and 24 hours).

Note: Any page that refreshes automatically will not time out from the WUI Idle Session Timeout setting. For example, the Real Time Statistics page, GSLB Statistics page, WAF False Positive Analysis page, and so on.

Limit Concurrent Logins

This option gives you the ability to limit the maximum number of concurrent login sessions to the LoadMaster WUI at any one time.

The values that can be selected range from 0 - 9.

A value of 0 allows an unlimited number of logins.

The value entered represents the total number and is inclusive of any bal user logins.