Define a New User for Firebox Authentication
Firebox Authentication enables you to store on your Firebox the user accounts that you create to give your users access to your network. To make sure that the credentials for each user account stored on your Firebox are secure, the passphrase that you specify for each user account is encrypted with an NT hash in the device configuration file. When the configuration file is exported to a clear text file (such as for communication between the Firebox and a Fireware device configuration management tool), the passphrase is further encrypted with an AES key wrap.
Create User Accounts
You can create the user accounts for Firebox Authentication and specify which users can authenticate to your Firebox. You can also specify whether the user names that you define in the Firebox internal database are case sensitive. When case-sensitivity is enabled, users must type their user names with the same capitalization you used when you defined the user accounts.
- Select Authentication > Servers.
The Authentication Servers page appears.
- From the Authentication Servers list, select Firebox-DB.
The Firebox page appears, with the Users and Groups tab selected by default.
- To enable case-sensitivity and require your users to type their user names with specific capitalization, select the Enable case-sensitivity for Firebox-DB user names check box.
- In the Firebox Users section, click Add.
The Firebox User dialog box appears.
- In the Name text box, type the user name for this user.
- (Optional) In the Description text box, type a description of the new user.
- Type and confirm the Passphrase for the user.
Tip! When you set this passphrase, the characters are masked and it does not appear in clear text again. If you lose the passphrase, you must set a new passphrase.
The passphrase can include letters, numbers, special characters, and spaces, but cannot consist only of space characters.
- In the Session Timeout text box, type or select the maximum length of time the user can send traffic to the external network. Tip! The minimum value for this setting is one (1) in seconds, minutes, hours, or days. The maximum value is 365 days.
- In the Idle Timeout text box, type or select the length of time the user can stay authenticated when idle (not passing any traffic to the external network). Tip! The minimum value for this setting is one (1) in seconds, minutes, hours, or days. The maximum value is 365 days.
- Select the Enable login limits for each user or group check box.
- Select an option:
- Allow unlimited concurrent firewall authentication logins from the same account
- Limit concurrent user sessions to
- In the text box, type or select the number of allowed concurrent user sessions.
- From the drop-down list, select an option:
- Reject subsequent login attempts
- Allow subsequent login attempts and logoff the first session.
- To add this user to an authentication group, in the Firebox Authentication Group list, select the check box for each group to add this user to.
If necessary, scroll down to see this list.
- Click OK.
The new user appears in the Firebox Users list.
- Select Setup > Authentication > Authentication Servers.
The Authentication Servers dialog box appears.
- To enable case-sensitivity and require your users to type their user names with specific capitalization, select the Enable case-sensitivity for Firebox-DB user names check box.
- On the Firebox tab, in the Users section, click Add.
The Setup Firebox User dialog box appears.
- In the Name text box, type the user name for this user account.
- (Optional) In the Description text box, type a description of the new user.
- Type and confirm the Passphrase for the user.
Tip! When you set this passphrase, the characters are masked and it does not appear in clear text again. If you lose the passphrase, you must set a new passphrase.
The passphrase can include letters, numbers, special characters, and spaces, but cannot consist only of space characters.
- In the Session Timeout text box, type or select the maximum length of time the user can send traffic to the external network. Tip! The minimum value for this setting is one (1) in seconds, minutes, hours, or days. The maximum value is 365 days.
- In the Idle Timeout text box, type or select the length of time the user can stay authenticated when idle (when the user does not pass any traffic to the external network). Tip! The minimum value for this setting is one (1) in seconds, minutes, hours, or days. The maximum value is 365 days.
- Select the Enable login limits for each user or group check box.
- Select an option:
- Allow unlimited concurrent firewall authentication logins from the same account
- Limit concurrent user sessions to
- In the text box, type or select the number of allowed concurrent user sessions.
- From the drop-down list, select an option:
- Reject subsequent login attempts
- Allow subsequent login attempts and logoff the first session.
- To add this user to a Firebox Authentication Group, select the group name in the Available list.
- Click to move the name to the Member list.
Or, you can double-click the group name in the Available list.
The group is added to the Member list. You can then add more groups for this user.
- Click OK.
The new user appears in the Firebox Users list.
Configure Account Lockout Settings
You can enable Account Lockout to prevent brute-force attempts to guess user account passphrases. When Account Lockout is enabled, the Firebox temporarily locks a user account after a specified number of consecutive unsuccessful login attempts, and permanently locks a user account after a specified number of temporary account lockouts.
For detailed steps to configure Account Lockout settings, see Configure Firebox Account Lockout Settings.
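As an added illustration, not code from WatchGuard or from this page: a Python model of the Firebox-DB login rules described above (the consecutive-failure count, the temporary lockout, the permanent lockout after repeated temporary lockouts, and the concurrent-session limit with its two overflow options). The thresholds, the lockout duration, the SHA-256 digest used as a stand-in for the NT hash the device stores, and the user record are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed policy values; on a Firebox these are the Account Lockout settings and the
# "Limit concurrent user sessions to" option described on this page.
MAX_FAILURES = 3        # consecutive failed logins before a temporary lockout
MAX_TEMP_LOCKOUTS = 2   # temporary lockouts before a permanent lockout
TEMP_LOCK_SECONDS = 300 # assumed length of a temporary lockout
MAX_SESSIONS = 1        # concurrent sessions allowed per account
LOGOFF_FIRST = True     # True: log off the first session; False: reject the new login

@dataclass
class Account:
    digest: str                     # stand-in for the NT hash the Firebox stores
    failures: int = 0               # consecutive failures since the last success or lock
    temp_lockouts: int = 0
    locked_until: float = 0.0       # epoch seconds; 0 means not temporarily locked
    permanently_locked: bool = False
    sessions: list = field(default_factory=list)  # session ids, oldest first

def _digest(passphrase: str) -> str:
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()
USERS = {"alice": Account(_digest("correct horse battery"))}  # constructed Firebox-DB

def login(user: str, passphrase: str, now: float, session_id: str) -> str:
    acct = USERS.get(user)
    if acct is None:
        return "denied"               # unknown user: nothing to lock
    if acct.permanently_locked:
        return "locked-permanent"     # only an administrator unlock clears this
    if now < acct.locked_until:
        return "locked-temporary"     # rejected without checking the passphrase
    if acct.digest != _digest(passphrase):
        acct.failures += 1
        if acct.failures < MAX_FAILURES:
            return "denied"
        acct.failures = 0             # the lock itself restarts the failure count
        acct.temp_lockouts += 1
        if acct.temp_lockouts >= MAX_TEMP_LOCKOUTS:
            acct.permanently_locked = True
            return "locked-permanent"
        acct.locked_until = now + TEMP_LOCK_SECONDS
        return "locked-temporary"
    acct.failures = 0                 # a successful login resets consecutive failures
    if len(acct.sessions) >= MAX_SESSIONS:
        if not LOGOFF_FIRST:
            return "rejected-session-limit"
        acct.sessions.pop(0)          # log off the oldest session to admit the new one
    acct.sessions.append(session_id)
    return "ok"
```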
See Also
Configure Your Firebox as an Authentication Server