Appliance administration
What is the Appliance Administration page?
The Appliance Administration page in the /appliance web interface provides tools for managing administrative access and monitoring system activity on the B Series Appliance.
How is it useful to my organization?
This page enhances security and control by allowing administrators to configure login access, review audit logs, and manage system activity to ensure proper operation and compliance.
How do I access the Appliance Administration page?
- Use a Chromium-based browser to sign in to your B Series Appliance. The URL is provided in the BeyondTrust welcome email and includes your site URL followed by /appliance.
- From the top menu, click Security.
The Certificates page opens and displays by default. - At the top of the page, click Appliance Administration.
The Appliance Administration page displays.
Configure appliance administration
Manage access to /appliance administrative interface accounts by setting how many failed logins are allowed. Set how long an account is locked out after passing the failed login limit. Also, set the number of days a password may be used before expiration, and restrict the reuse of previous passwords.
You can restrict access to your B Series Appliance's administrative interface by setting network addresses that are or are not allowed, and you can select the ports through which this interface is be accessible.
In the Accepted Addresses field, define IP addresses or networks that are always granted access to /appliance. In Rejected Addresses, define IP addresses or networks that are always denied access to /appliance. Use the Default Action dropdown to determine whether to accept or to reject IP addresses and networks not listed in either of the above fields. In the case of overlap, the most specific match takes precedence.
If, for example, you want to allow access to 10.10.0.0/16 but reject access to 10.10.16.0/24 and reject access from anywhere else, you would enter 10.10.0.0/16 in the Accepted Addresses field, enter 10.10.16.0/24 in the Rejected Addresses field, and set the Default Action to Reject.
The BeyondTrust Appliance B Series can be configured to run a STUN service on UDP port 3478 to help facilitate peer-to-peer connections between BeyondTrust clients. Check the Enable local STUN service box to use this functionality.
You can configure your B Series Appliance to send log messages to up to three syslog servers. Enter the hostname or IP address of the syslog host server receiving system messages from this B Series Appliance in the Remote Syslog Server field. Select the message format for the event notification messages. Choose from the standards specification RFC 5424, one of the legacy BSD formats, or Syslog over TLS. Syslog over TLS defaults to using TCP port 6514. All other formats default to using UDP 514. However, the defaults can be changed. BeyondTrust Appliance B Series logs are sent using the local0 facility.
Note
When changing or adding a syslog server, an alert is emailed to the administrator's email address. The administrator's information is configured at Security > Email Configuration > Security :: Admin Contact.
Note
For a detailed syslog message reference, see the Syslog message reference.
You can enable a login agreement that users must accept before accessing the /appliance administrative interface. The configurable agreement allows you to specify restrictions and internal policy rules before users are allowed to log in.
You can select a site and click Reset Admin Account, which restores a site's administrative username and password to the default should the login be forgotten or need to be replaced.
Note
If you reset the admin account, any existing session permissions for that account are removed.
Updated 5 days ago