Configure a Firewall Administrator Account
Administrative accounts specify roles and authentication methods for firewall administrators. The service that you use to assign roles and perform authentication determines whether you add the accounts on the firewall, on an external server, or both (see Administrative Authentication). If the authentication method relies on a local firewall database or an external service, you must configure an authentication profile before adding an administrative account (see Configure Administrative Accounts and Authentication). If you already configured the authentication profile or you will use Local Authentication without a firewall database, perform the following steps to add an administrative account on the firewall.
Follow the Best Practices for Securing Administrative Access so that administrative access to your firewalls and other security devices is secured in a way that prevents successful attacks.
Create a separate administrative account for each person who needs access to the administrative or reporting functions of the firewall. This enables you to better protect the firewall from unauthorized configuration and enables logging of the actions of individual administrators.
- Modify the number of supported administrator accounts. Configure the total number of supported concurrent administrative account sessions for a firewall in the normal operational mode or in FIPS-CC mode. You can allow up to four concurrent administrative account sessions or configure the firewall to support an unlimited number of concurrent administrative account sessions.
You can also configure the total number of supported concurrent sessions by logging in to the firewall CLI.

    admin> configure
    admin# set deviceconfig setting management admin-session max-session-count <0-4>
    admin# set deviceconfig setting management admin-session max-session-time <0, 60-1499>
    admin# commit
- Select Device > Setup > Management and edit the Authentication Settings.
- Edit the Max Session Count to specify the number of supported concurrent sessions (range is 0 to 4) allowed for all administrator and user accounts. Enter 0 to configure the firewall to support an unlimited number of administrative accounts.
- Edit the Max Session Time in minutes for an administrative account. Default is 720 minutes.
- Select Device > Administrators and Add an account.
- Enter a user Name.
- Select the Administrator Type. If you configured a custom role for the user, select Role Based and select the Admin Role Profile. Otherwise, select Dynamic (default) and select a dynamic role. If the dynamic role is virtual system administrator, add one or more virtual systems that the virtual system administrator is allowed to manage.
- (Optional) Select a Password Profile for administrators that the firewall authenticates locally without a local user database. For details, see Define a Password Profile.
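
An added example, not part of the vendor documentation: a small lint that checks a list of CLI set commands (a change script, for instance) against the admin-session ranges given above before they are committed. The function name and the sample lines are constructed for illustration; only the two set commands, their ranges and the 720-minute default come from this page.

```python
import re

# Command prefix taken from the CLI commands shown on this page.
PREFIX = "set deviceconfig setting management admin-session "
DEFAULT_SESSION_TIME = 720  # minutes, the default stated on this page


def check_admin_session(lines):
    """Return (settings, findings) for admin-session lines in a set-command list."""
    settings, findings = {}, []
    for n, raw in enumerate(lines, 1):
        # Drop a pasted CLI prompt such as "admin# " before matching.
        line = re.sub(r"^\S*[>#]\s*", "", raw.strip())
        if not line.startswith(PREFIX):
            continue
        parts = line[len(PREFIX):].split()
        if len(parts) != 2 or not parts[1].isdigit():
            findings.append(f"line {n}: malformed admin-session command")
            continue
        key, value = parts[0], int(parts[1])
        if key == "max-session-count":
            if not 0 <= value <= 4:
                findings.append(f"line {n}: max-session-count {value} outside 0-4")
                continue
            if value == 0:
                findings.append(f"line {n}: max-session-count 0 allows unlimited sessions")
        elif key == "max-session-time":
            if value != 0 and not 60 <= value <= 1499:
                findings.append(f"line {n}: max-session-time {value} outside 0, 60-1499")
                continue
        else:
            findings.append(f"line {n}: unknown admin-session key {key}")
            continue
        settings[key] = value  # a later valid line overrides an earlier one
    settings.setdefault("max-session-time", DEFAULT_SESSION_TIME)
    return settings, findings


# Constructed sample change script (not taken from a real firewall).
SAMPLE = [
    "admin> configure",
    "admin# set deviceconfig setting management admin-session max-session-count 0",
    "admin# set deviceconfig setting management admin-session max-session-time 30",
    "admin# set deviceconfig setting management admin-session max-session-count 2",
    "admin# commit",
]

if __name__ == "__main__":
    effective, problems = check_admin_session(SAMPLE)
    print(effective)
    print("\n".join(problems))
```

Out-of-range values are reported and ignored, so the returned settings reflect only lines that fall inside the documented ranges.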