Define Configuration History and Change Comment Settings
Your WatchGuard Management Server stores the configuration files for all the Fully Managed devices and for all the Device Configuration Templates it manages. When you make changes to the configuration of a Fully Managed device, the Management Server downloads the configuration file from the device and stores a copy of it. When you make changes to a Device Configuration Template, the Management Server also stores a copy of the template. The history for each saved device configuration file or template includes the revision number, time stamp, the user who made the change, the audit comment for the change, and the OS version for the device or template.
If you change a device from Fully Managed mode to Basic Managed mode, the configuration history already saved on the Management Server remains on the server but, future changes to the device configuration file are not saved. If you delete a Device Configuration Template, the history for that template is also deleted.
You can select to limit the number of configuration files the Management Server stores for all Fully Managed devices and Device Configuration Templates, and specify how many files it saves, by either the number of files or the total disk space the files can use on the Management Server. You can also require users to leave a comment about the changes made to the configuration file or template, and specify the message that users see about what details their comments about the changes must include.
You can enable the Logon Disclaimer feature to force your administrators to agree to the terms and conditions you specify before they can log in to make configuration changes to your Management Server.
When you configure the logon disclaimer settings, you can specify the title of the Logon Disclaimer page and the disclaimer message text. You can also select a custom logo for the Logon Disclaimer. The image file you select must be a JPG, GIF, or PNG file, no larger than 200 x 65 pixels.
The Logon Disclaimer feature is only available for WatchGuard Management Servers v11.9.3 or higher.
With the Logon Disclaimer feature enabled, when your administrators open WSM, connect to your Management Server, and log in, the Logon Disclaimer page appears. Each administrator must agree to the Logon Disclaimer before they can connect to your Management Server. If they do not agree to the disclaimer, they cannot connect to the server and are redirected to the Login page.
To define the settings for configuration history storage, comments about changes to the files, and the Logon Disclaimer feature:
- In the Servers tree, select Management Server.
- Select the Configuration Management tab.
The Configuration Management page appears.
- To specify the number of files to store for each device, select the Limit Configuration History Storage check box.
- In the Keep text box, type the value for the option you selected. The amount you specify is stored for each fully managed device or template.
- From the drop-down list, select an option:
- Revisions — The history includes only the specified number of files.
- Megabytes — The history includes files up to the specified number of megabytes in disk space on the Management Server.
- To require users to leave a comment when they save changes to a configuration file or template, select the Require users to enter a comment when they save to a Fireware XTM device check box.
- In the Comment Template text box, type a description of the text users must include in their comments.
- To enable the Logon Disclaimer feature, select the Enable Logon Disclaimer check box.
- In the Page Title text box, type the text for the title of the Logon Disclaimer page.
- In the Specify a Disclaimer Message text box, type or paste the text for the disclaimer message.
- To add a custom logo to the disclaimer message:
- Select the Use a custom logo check box.
- Click Upload and select the image file.
- Click OK.
- Click Apply to save your changes.