Miss our recent webinar all about Access Server? We've broken down the key points you need to know, plus we're sharing some helpful tips and additional resources.
How to change the branding on the Admin and Client Web UIs
Incorporating your own branding can be helpful in establishing employee trust. You can tweak the web pages Access Server provides for accessing your Admin and Client Web UIs, including adding your business logo.
Recommended reading: Tutorial: How to Change the Branding on the Admin and Client Web UIs
This goes well with setting up a hostname so your admins and users aren't relying on the server's IP address for access: Tutorial: Setting up your Access Server Hostname.
For more information about the user interfaces, we have user manuals for you:
Log reports — how to query the log
As the administrator, Access Server's logs provide helpful information. You can see who is accessing the network, when, and from what location and devices. This can be crucial when trying to pinpoint a potential breach or attack, or when you're simply trying to find an error.
For some helpful tutorials about working with logs and adjusting them to meet your needs:
- Tutorial: Set Up a Log File Rotation
- Tutorial: How To Log To Syslog
- Tutorial: Query the Access Server Log Database with the logdba Tool
For advanced troubleshooting, you can set debug flags. We also have a great support team available to help.
DNS settings
For human-friendly web navigation, Access Server supports flexibility with DNS, allowing you to match your use case needs. Read about it here.
You can manage the DNS configuration from the Admin Web UI. Read how here.
Troubleshooting DNS issues? Here's some help.
OpenVPN DCO
When you turn on OpenVPN Data Channel Offload (DCO), your VPN server and clients will experience performance gains.
OpenVPN DCO changes how Access Server handles the data flowing through the VPN tunnel. With DCO, the data channel encryption and decryption are offloaded to kernel space, letting the kernel do the work instead of dealing with it in user space. This saves on copy operations from kernel to user space and back and uses multi-threading.
Recommended reading: OpenVPN Data Channel Offload (DCO).
Get things started here: Tutorial: Turn on OpenVPN DCO.
We always recommend running the latest versions. If you need help upgrading, here's a tutorial to get you started: Tutorial: Upgrade the OpenVPN DCO module.
Certificates
When talking about certificates with Access Server, you may see references to CA certificates or SSL certificates for the Web UIs.
Access Server issues and manages its own certificates for the server and its clients. This certificate infrastructure is called public key infrastructure (PKI). You can read about it in detail here: Access Server's CA Certificate Management.
We also support an option to use your own external PKI, as detailed in this topic: External Public Key Infrastructure.
For the SSL certificates used by Access Server's web services, Access Server generates self-signed web certificates valid for one year. You can read the details about them here: SSL Certificates on Access Server's Web Services.
Below are a few tutorials for replacing those with your own valid web SSL certificate:
- Tutorial: How to Install a Valid Web SSL Certificate in Access Server
- Tutorial: Install a Signed SSL Certificate from the Command-line Interface
User passwords
Allowing users to change their own passwords from the Client Web UI can help take some of the pressure from your IT service desk. From the Admin Web UI, you can determine if your users can change their own passwords from the Client Web UI, and you can enforce strong passwords.
TOTP multi-factor authentication (MFA)
It's no secret that MFA can help prevent breaches due to compromised credentials. That's why admins can opt to enable MFA in Access Server. Access Server supports TOTP MFA configured in the Admin Web UI.
Read more about how to set up MFA here: TOTP MFA: Multi-Factor Authentication for Access Server.
Password lockout policy
To prevent access via brute-force attacks, Access Server automatically locks a user account after repeated failed authentication attempts. You can adjust the default values for
a. how many failed attempts are permitted before a lockout and
b. how much time must elapse before a timeout ends and the lock on the account is lifted.
See Authentication failure lockout policy for more specifics.
Get started with Access Server
Access Server has additional features that can help your business build the foundation for a Zero Trust security strategy.
Ready to learn more? Join our office hours for a live demo.