System Management
The "System Management" page is divided into various setting pages such as "About", "Network Settings", and "Log Settings".
About
System Management > AboutOn the "About" page, you can view system information, change the Hostname, and backup and restore your system.
| Button Name | Description |
|---|---|
| "Tech Support" button | A file for technical support is output. This is intended for cases where checking internal information is required, such as for troubleshooting, so consult our technical staff before using it. By default, the technical support information also includes authentication policy data. If you do not want to attach policy data, uncheck "Include authentication policy data in technical support information." in the dialog that appears after clicking the "Technical Support" button. 
|
System Information
System Management > About > System InformationYou can check the Serial Number etc. You can also change the Hostname of the node on which this system is running.
| Item Name | Description |
|---|---|
| Hostname | The Hostname of the node on which this system is running. The default Hostname is "radgate". Clicking the "Edit" button opens the Hostname dialog, where you can change the Hostname. |
| Version | The version of the AT-RADgate software currently running. |
| Build Date Time | This is the creation date and time of the currently running AT-RADgate software. |
| Serial Number | The Serial Number of this system. This is required when issuing an AT-RADgate license. |
Hostname
In the "Hostname" dialog, you can change the Hostname.
| Item / Button Name | Mandatory | Format | Description |
|---|---|---|---|
| Hostname | × | String (Max 15 characters) | The Hostname of the node on which this system is running. Only lowercase alphanumeric characters and hyphens are allowed (hyphens cannot start or end the name). If you save without entering anything, the default Hostname (radgate) is set. |
| "Cancel" button | − | − | Stop editing. |
| "Save" button | − | − | Save the settings. |
System Backup
System Management > About > System BackupSave the entire currently running system to a backup file (external image file). You can use Restore to return your system to a saved state.
The downloaded file contains the following information:
- System Serial Number (on the System Management > About page)
- System settings (settings on the System Management page)
- Administrator account information (Account Management page)
- Authentication policy data (settings on each tab of the Policy Management page)
- RADIUS Settings (Settings on the RADIUS Management page)
- Event Log (Event Management page)
- Software License (System Management > License page)
- CA Certificate ( CA Management page)
- Certificate Revocation List (CRL) (CA Management page)
- Issued Server Certificates or Client Certificates ( CA Management page)
- Certificate profile (CA Management page)
- SMTP OAuth 2.0 Information (SMTP Server page)
- Windows Active Directory Configuration
| Button Name | Description |
|---|---|
| "Backup" button | Perform a system backup. |
System Restore
System Management > About > System RestoreRestore the system to the saved state using the backup file (external image file) downloaded from System Backup.
NoteWhen you perform a system restore, the node on which AT-RADgate is running automatically reboots.
NoteBackup files (external image files) obtained on the AT‑VST‑APL/AT‑VST‑VRT edition and the Allied Telesis Container Platform edition can be restored on each edition, provided the version is the same as or later than the version used to create the backup. However, backup files obtained with AT‑RADgate 1.0.0 of the AT‑VST‑APL/AT‑VST‑VRT edition cannot be restored on this version. Use backups created with version 1.1.0 or later. For information about updating AT‑RADgate, also refer to Quick Tour > Updating AT‑RADgate.
NoteThe serial number is the one recorded in the restored backup file (the serial number of the AT‑RADgate used to create the backup), and it can be used as is.
NoteIf the refresh token restored for SMTP OAuth 2.0 has expired or is invalid, reconfigure the OAuth client on the SMTP Server page and obtain a new token using the "Connect" button. It is also recommended to send a test email to verify that OAuth authorization works correctly with the SMTP Server settings and the restored OAuth token information.
| Button Name | Description |
|---|---|
| "Restore" button | Perform a system restore. When you click, a file selection dialog appears, so select the image file and upload it. Returns to a saved system state. |
Network Settings
System Management > Network SettingsOn the Network Settings page, you can configure Web Service, Replica (redundant configuration), and Server Certificate (SSL Certificate).
Web Service
System Management > Network Settings > Web ServiceYou can change the protocol and listening port number of the Web UI/Web API service. Click the "Edit" button at the bottom right to enter edit mode.
If you change the Web service settings, it automatically reconnects to the new Web service. In this case, your browser's security warning function may block your connection.
◼ Edit mode
| Item / Button Name | Mandatory | Format | Description |
|---|---|---|---|
| Protocol | × | − | A web service communication protocol. You can choose HTTP or HTTPS. |
| Port Number | × | 1-65535 | The TCP port number that the Web service listens on. You cannot set a port number that is being used by other AT-RADgate services. |
| "Edit" button | − | − | Start editing. |
| "Cancel" button | − | − | Stop editing. |
| "Save" button | − | − | Save the settings. |
Replica
System Management > Network Settings > ReplicaYou can configure a redundant configuration for Authentication policy data. For more information, refer to Quick Tour > Redundant Configuration of Authentication Policy Data.
No configuration changes are required on the AT‑RADgate used as the primary. Apply the configuration only on the AT‑RADgate configured as the replica.
NoteBefore configuring the Replica, it is recommended to download the Authentication Policy Data and create a backup on the System Management > Database Management page, including the AT-RADgate used as the Primary.
NoteIf the Local CA is already configured, the message “Cannot configure settings while the CA is enabled.” appears, and the replica cannot be configured.
Primary (Default) Settings Page
On the primary (default), the following page is displayed.No configuration changes are required on the AT‑RADgate used as the primary.
| Item / Button Name | Description |
|---|---|
| Mode | Displays the primary. |
| Database ID | This is the database ID. |
| Database Age | This is the database age. |
| "Edit" button | Start editing. |
When you click the "Edit" button on the above page, the following page appears.
On this page, clicking the "Save" button and applying the settings immediately starts operation as the replica.
NoteWhen configured as a replica, all retained Authentication policy data is deleted.
| Item / Button Name | Mandatory | Format | Description |
|---|---|---|---|
| Primary Node URL | × | − | Enter the URL of the primary AT‑RADgate. |
| User Name | × | String (Max 64 characters) | Enter the username of the primary AT‑RADgate account. |
| Password | × | Password | Enter the password of the primary AT‑RADgate account. |
| "Cancel" button | − | − | Stop editing. |
| "Save" button | − | − | Save the settings. |
Replica Settings Page
When configured as a replica, the following page is displayed.
| Item / Button Name | Description |
|---|---|
| Mode | Displays the replica. |
| Primary Node URL | Displays the URL of the primary AT‑RADgate. |
| Status | Displays the connection status with the primary AT‑RADgate as "Negotiating" or "Sync". |
| Database ID | While synchronizing with the primary AT‑RADgate, the database ID of the primary AT‑RADgate is displayed. If not synchronized, the Database ID of the replica is displayed. |
| Database Age | While synchronizing with the primary AT‑RADgate, the Database Age of the primary AT‑RADgate is displayed. If not synchronized, the Database Age of the replica is displayed. |
| Latest Synced Time | While synchronizing with the primary AT‑RADgate, the time of the last synchronization with the primary AT‑RADgate is displayed. If not synchronized, “-” is displayed. |
| "Delete" button | Delete the replica. |
| "Edit" button | Start editing. |
◼ Replica (Edit Mode)
When you click the "Edit" button on the above page, the following page appears.
| Item / Button Name | Mandatory | Format | Description |
|---|---|---|---|
| Primary Node URL | × | − | Enter the URL of the primary AT‑RADgate. |
| User Name | × | String (Max 64 characters) | Enter the username of the primary AT‑RADgate account. |
| Password | × | Password | Enter the password of the primary AT‑RADgate account. |
| "Cancel" button | − | − | Stop editing. |
| "Save" button | − | − | Save the settings. |
NoteIf you change the settings of the primary AT‑RADgate that is already synchronizing, synchronization becomes unavailable. When changing the synchronization destination settings, change the settings on the primary AT‑RADgate first, and then change the settings on the replica.
Server Certificate
System Management > Network Settings > Server CertificateYou can check and change the certificates used by each AT-RADgate service. You can also issue and import Server Certificates by using the Local CA.
| Item Name | Description |
|---|---|
| Role | The service name for which the certificate is used. |
| Common Name (CN) | The value of the certificate's Common Name field. |
| Effective Date | The certificate's effective date. |
| Expire Date | The expiration date of the certificate. |
| "Detail" button | Display the Certificate details. |
| "Import" button | Display the Import SSL Certificate dialog. |
| "Issue" button | Display the Issue Certificate dialog. |
| Service Name | Description |
|---|---|
| Web | This is a service that provides Web UI/Web API. The certificate is used only if the protocol is set to HTTPS. |
| RADIUS | This is a service that provides RADIUS Authentication functionality. Use the certificate for EAP-PEAP authentication. |
Import SSL Certificate
You can upload an SSL certificate file in PEM format. Select the certificate file and private key file and click the "Import" button. If you change the web certificate, a reconnection to the Web UI server is performed (even if you are using the HTTP protocol). In this case, your browser's security warning function may block your connection.
Issue Certificate
Issuing a Server Certificate by using the Local CA.
| Item / Button Name | Mandatory | Format | Description |
|---|---|---|---|
| Common Name (CN) | × | String (Max 64 characters) | The value of the certificate's Common Name field. |
| Subject Alternative Name (SAN) | − | String (Max 1024 characters) | The value of the Certificate’s Subject Alternative Name (SAN). |
| "Cancel" button | − | − | Stop editing. |
| "Issue" button | − | − | Issue and import a Server Certificate by using the Local CA. |
NoteUsing multibyte characters (e.g., Japanese or full-width characters) in field values is not supported.
Logging Settings
System Management > Logging Settings
Logging Level
System Management > Logging Settings > Logging LevelYou can change the output suppression level for each event log. Each event log records events with a severity level equal to or higher than the level set here. For information about log levels, refer to "Logging Level" in Event Management > Application Log. Click the "Edit" button at the bottom right to enter edit mode.
NoteIf "Logging Level" is set to "Disabled," events are not recorded in the log and they are viewable on the Event Management > Application Log page.
◼ Edit mode
Syslog
System Management > Logging Settings > SyslogEvent logs can be forwarded to an external Syslog server (UDP). Click the "Edit" button to enter edit mode.
◼ Edit mode
| Item / Button Name | Mandatory | Format | Description |
|---|---|---|---|
| Syslog Servers | − | String (Max 255 characters) | A list of external Syslog servers to forward event logs to. Set it in the format "Hostname or IPv4 Address:port number" (e.g. 192.0.2.10:3000). If the port number is omitted, 514 is used. You can also register multiple servers by separating them with a space character. Refer the release notes for the number of servers that can be registered. |
| "Edit" button | − | − | Start editing. |
| "Cancel" button | − | − | Stop editing. |
| "Save" button | − | − | Save the settings. |
Set time
System Management > Date & Time Settings
System Date & Time
System Management > Date & Time Settings > System Date & TimeYou can check the current time information and change the Time Zone. If you change the Time Zone, the node on which AT-RADgate is running is automatically restarted.
| Item Name | Description |
|---|---|
| Current Date & Time | Displays the current time in local time for the set Time Zone. |
| Time Zone | Displays the current Time Zone in the format "Region/Time Zone". Clicking the "Change" button displays the Time Zone dialog, allowing you to change the Time Zone. |
Time Zone
In the "Time Zone" dialog, you can change the Time Zone.
| Item / Button Name | Description |
|---|---|
| Region | Select your region from the dropdown list. The default is "Etc". |
| Time Zone | Select the Time Zone from the dropdown list. The default is "UTC". |
| "Cancel" button | Cancel the Time Zone change. |
| "Save" button | Save the Time Zone changes. |
Email Settings
System Management > Email Settings
SMTP Server
System Management > Email Settings > SMTP ServerConfigure the SMTP Server for sending emails. Click the "Edit" button to enter edit mode.
Allied Telesis recommends that you configure the SMTP Server settings as they are essential for features such as the administrator account password recovery function and license expiration warning.
If the SMTP Server is not registered, the message "SMTP server is not configured." is displayed. If registered, information about the currently registered SMTP Server is displayed.
◼ Edit Mode (when General SMTP Server is selected as the Provider)
◼ Edit Mode (when Gmail (OAuth2.0) is selected as the Provider)
◼ Edit Mode (when Microsoft Exchange Online is selected as the Provider)
| Item / Button Name | Mandatory | Format | Description |
|---|---|---|---|
| Provider | − | − | Select the type of SMTP Server to use or the OAuth provider. Select from General SMTP Server, Gmail (OAuth2.0), or Microsoft Exchange Online. |
| When General SMTP Server is selected as the Provider | |||
| Sender Email Address | × | Email Address | This is the sender Email Address for emails sent using this SMTP Server. |
| Hostname / IP Address | × | FQDN/IPv4 Address | The Hostname or IPv4 Address of the SMTP Server. |
| Port Number | × | Integer (0-65535) | The TCP port number for the SMTP service. |
| Encryption | × | − | The encryption protocol to use. Choose from "None", "STARTTLS", or "SMTPS". |
| User Name | − | − | The username for the login account on the SMTP Server. |
| "Configure Password" button | − | − | Clicking this displays the "Password" and "Confirm Password" items, allowing you to change the password for the SMTP Server login account. |
| Password | − | − | The password for the login account on the SMTP Server. |
| When Gmail (OAuth2.0) is selected as the Provider | |||
| Client ID | × | − | This is the OAuth Client ID. |
| Client Secret | × | − | This is the OAuth Client Secret. |
| Redirect URI | − | − | This is the Redirect URI registered with the OAuth provider. Editing is not available. It is generated from the AT‑RADgate URL. |
| "Connect" button | − | − | Connects to the OAuth provider. |
| When Microsoft Exchange Online is selected as the Provider | |||
| Client ID | × | − | This is the OAuth Client ID. |
| Client Secret | × | − | This is the OAuth Client Secret. |
| Tenant ID | × | − | This is the Microsoft Entra ID tenant ID. |
| Redirect URI | − | − | This is the Redirect URI registered with the OAuth provider. Editing is not available. It is generated from the AT‑RADgate URL. |
| "Connect" button | − | − | Connects to the OAuth provider. |
| Common | |||
| "Send Test Email" button | − | − | Sends a test Email with the currently displayed settings. The Email Address entered in "Sender Email Address" is used as both the sender and destination of the email. |
| "Edit" button | − | − | Start editing. |
| "Delete" button | − | − | Deletes the currently registered SMTP Server settings. |
| "Cancel" button | − | − | Stop editing. |
| "Save" button | − | − | Save the settings. |
About SMTP OAuth 2.0
OAuth 2.0 can be used as an additional authentication method for email notifications, in addition to the existing authentication method (Basic Authentication: General SMTP Server). This version supports Gmail and Microsoft Exchange Online.NoteWhen using Gmail (OAuth 2.0) or Microsoft Exchange Online, the following conditions must be met.
- Use a paid account configured with the provider
- The protocol is set to HTTPS on Web Service
- AT‑RADgate is accessed using a fully qualified domain name (FQDN)
- AT‑RADgate can connect to the Internet
Prerequisites for SMTP OAuth 2.0
To use SMTP OAuth 2.0, client registration with the OAuth provider is required in advance.When registering the client, specify the Redirect URI displayed in Edit mode on the SMTP Server page when Gmail (OAuth2.0) or Microsoft Exchange Online is selected for Provider.
After registering the client, enter the OAuth client information on the SMTP Server page and click the "Connect" button. The authorization page opens in a separate tab; complete the authorization.
When authorization succeeds and an access token is obtained, the message “Successfully connected to the OAuth authorization server and obtained an access token.” appears. After closing the tab and returning to SMTP Server, Connection Status: Connected is displayed, and you can save the settings.
Configuration Management
System Management > Configuration Management
Backup
System Management > Configuration Management > BackupSaves administrator account information and system settings to an external file. Because the backup file does not contain information such as authentication policy data, it is not possible to completely restore the entire running system from this backup file.
When SMTP OAuth 2.0 is used, the backup file stores the SMTP OAuth 2.0 settings (Provider, Client ID, Client Secret, Tenant ID, and OAuth ID for internal management). The Client Secret is encrypted. Token information is not stored.
To perform a complete system backup, use "System Backup" on the System Management > About page.
Restore
System Management > Configuration Management > RestoreRestores administrator account information and system settings from an external file. The current information is returned to the factory default state and then restored.
When a backup file that includes SMTP OAuth 2.0 settings is restored, the SMTP OAuth 2.0 settings are restored, but the token information is not restored. You need to click the "Connect" button on the SMTP Server page to obtain a new token.
NoteIf the local CA configuration is already enabled, restoration fails when you attempt to restore system settings that include replica settings.
When restoring system settings that include replica settings, you must delete the local CA in advance.
Initialize
System Management > Configuration Management > InitializeResets the administrator account information and system settings to the factory defaults.
Database Management
System Management > Database Management
Backup
System Management > Database Management > BackupSaves authentication policy data to an external file in CSV format.
| Button Name | Description |
|---|---|
| "Backup" button | Perform a backup of the authentication policy data. |
Import
System Management > Database Management > ImportImports authentication policy data from a CSV file. The imported data is merged with the current data.
| Button Name | Description |
|---|---|
| "Import" button | Import the authentication policy data. |
Initialize
System Management > Database Management > InitializeDeletes all authentication policy data. Allied Telesis recommends that you backup your data before deleting it.
| Button Name | Description |
|---|---|
| "Initialize" button | Initialize the authentication policy data. |
Compaction
System Management > Database Management > CompactionOptimize authentication policy data and free up storage space. Allied Telesis recommends that you make a backup before optimizing.
| Button Name | Description |
|---|---|
| "Compact" button | Performs authentication policy data optimization. |
License
System Management > LicenseYou can check and install the AT-RADgate software license (below is an example of when a trial license is installed).
NoteFor information about licenses, refer to Accessing Management Interface > Installing Licenses.
| Item / Button Name | Description |
|---|---|
| Maximum Number of Units | The total number of units for all active licenses. |
| Name | The name of the license. |
| Status | The license status. |
| Number of Units | The number of units the license provides. |
| Expire Date | The license expiration date. |
| "Install Trial License" button | Install a trial license. |
| "Update License" button | Install a new or updated license. When you click, a file selection dialog appears, so select the license file and upload it. The license information is updated. |
02 Apr 2026 08:03