admin / netadmin (on the mGuard)
The user admin (mGuard user) can change all settings of the mGuard, whereas the user netadmin can only change local variables.
AIA
The certificate extension called Authority Information Access (AIA) indicates how to access CA information and services for the issuer of the certificate in which the extension appears. Such an extension is used to identify the OCSP server which provides current revocation status information for that certificate. mdm supports the inclusion of an AIA extension containing the URL of a single OCSP server. For detailed information on the AIA extension please refer to RFC 3280.
CDP
The certificate extension called CRL Distribution Points (CDP) identifies how CRL information is obtained for the certificate the extension is included in. mdm supports the creation of certificates containing the CDP extension with a single http:// URL enclosed therein. The URL specifies the download location of the actual CRL. For more detailed information on CRL Distribution Points please refer to RFC 3280.
CRL
A Certificate Revocation List (CRL) is issued regularly by a Certification Authority (CA) to provide (public) access to the revocation status of the certificates it issued. A CRL is a list of revoked certificates identified by serial number. Once a certificate is revoked, it is considered to be invalid. A revocation becomes necessary in particular if the associated private key material has been compromised. For more detailed information on CRLs please refer to RFC 3280.
Local (mGuard) variables
Local mGuard variables are not managed by mdm, but only by the netadmin locally on the mGuard. Within mdm (in the Template properties dialog or the Device properties dialog) each variable can be defined as a local variable by selecting Local as the value.
Inherited value
Devices or templates using a parent template “inherit” the values defined in the parent template. Depending on the permission setting, the inherited value can or cannot be overridden in the inheriting devices and templates.
Management ID
A unique logical identifier independent of the physical hardware that identifies each device, as opposed to an identifier of the physical device, e.g. the serial number.
OCSP
The Online Certificate Status Protocol (OCSP) specifies the message format for a service that responds, upon request, with current revocation status information on individual certificates. Such a service is conventionally embedded within an HTTP server, so most OCSP servers use HTTP as the transport layer for the OCSP messages. Such an OCSP server is operated by some Certification Authorities as an alternative to or replacement for CRLs. For detailed information on OCSP please refer to RFC 2560.
Permissions
The permissions in a template determine whether the user configuring an inheriting device or template can override/modify the settings of the parent template.
Regular expressions
Regular expressions are text strings to match portions of a field using characters, numbers, wildcards and metacharacters. Regular expressions can be used in mdm to filter the device, template, or pool table. For detailed information on regular expressions please refer to www.regular-expressions.info (2017-01-30).
Template
A set of mGuard variables and the corresponding values and permissions. The template can be used (i.e. inherited from) by a device or another template. A change in the template applies to all inheriting devices and templates, depending on the access privilege settings. The template is used in mdm only, but not on the mGuard. See also Inherited value and Permissions.
X.509 certificates
Digital certificates are specified in the X.509 standard issued by the ITU-T. A profile of that standard is published as RFC 3280. Such certificates certify the identity of an entity. The certificate includes the entity's public key and an electronic signature from the Certification Authority (CA). X.509 certificates are organized hierarchically: a root CA creates a self-signed trust anchor, which must be configured as such in applications that verify digital signatures or certificates. The identity and trustworthiness of each intermediate CA is certified with a CA certificate issued by the root CA or by the upstream intermediate CA, respectively. The identity of the end entities is certified with a certificate issued by the lowest CA. Each certificate can contain extensions for the inclusion of arbitrary additional information. mdm supports the creation of end entity certificates for VPN connection end points and the optional inclusion of the CDP and AIA extensions. For detailed information on digital certificates please refer to RFC 3280.