Define a New User for Firebox Authentication

Firebox Authentication, also known as Firebox-DB authentication, enables you to store on your Firebox the user accounts that you create to give your users access to your network. To make sure that the credentials for each user account stored on your Firebox are secure, the passphrase that you specify for each user account is encrypted with an NT hash in the device configuration file. When the configuration file is exported to a clear text file (such as for communication between the Firebox and a Fireware device configuration management tool), the passphrase is further encrypted with an AES key wrap.

Create User Accounts

You can create the user accounts for Firebox Authentication and specify which users can authenticate to your Firebox. You can also specify whether the user names that you define in the Firebox internal database are case sensitive. When case-sensitivity is enabled, users must type their user names with the same capitalization you used when you defined the user accounts.

Minimum Passphrase Length

In Fireware v12.2.1 or higher, you must specify the minimum number of characters for a passphrase. You can specify a value between 8 and 32 characters. Longer passphrases are more secure.

The minimum passphrase length setting applies to:

  • New Firebox-DB accounts added in the Firebox-DB server, Access Portal, and Mobile VPN with IKEv2 configurations
  • New Firebox management accounts (admin and status accounts)
  • New Support Access accounts

This setting controls only the minimum passphrase length. The maximum passphrase length is 32 characters and cannot be changed.

Passphrases for current Firebox-DB users are not changed when you upgrade to Fireware v12.2.1 or higher, but any new passphrases selected for current accounts must meet the minimum passphrase requirement. For example, if you unlock a user account and select the option to reset the passphrase, the new passphrase must meet the minimum length requirement.

Configure Account Lockout Settings

You can enable Account Lockout to prevent brute-force attempts to guess user account passwords. When Account Lockout is enabled, the Firebox temporarily locks a user account after a specified number of consecutive, unsuccessful login attempts, and permanently locks a user account after a specified number of temporary account lockouts.

For detailed steps to configure Account Lockout settings, see Configure Firebox Account Lockout Settings.
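
The two-stage lockout described above can be modeled as a small state machine. This is an added example, not WatchGuard code or the Firebox implementation. The names, the threshold values, and the lock duration are hypothetical, and it assumes that a successful login resets the consecutive-failure count and that the threshold breach after the configured number of temporary lockouts is the one that locks the account permanently.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    # Hypothetical values; the real thresholds are whatever you configure.
    max_failures: int = 3         # consecutive failures before a temporary lock
    temp_lock_seconds: int = 300  # assumed duration of a temporary lock
    max_temp_locks: int = 2       # temporary locks allowed before a permanent lock

class Account:
    def __init__(self, policy):
        self.policy = policy
        self.failures = 0         # consecutive unsuccessful attempts
        self.temp_locks = 0       # temporary lockouts so far
        self.locked_until = 0.0
        self.permanent = False

    def attempt(self, ok, now):
        """Return 'ok', 'denied', 'temp_locked' or 'perm_locked' for a login at time now."""
        if self.permanent:
            return "perm_locked"
        if now < self.locked_until:
            return "temp_locked"  # rejected without evaluating the credential
        if ok:
            self.failures = 0     # assumption: success resets the consecutive count
            return "ok"
        self.failures += 1
        if self.failures < self.policy.max_failures:
            return "denied"
        self.failures = 0
        if self.temp_locks >= self.policy.max_temp_locks:
            self.permanent = True # stays locked until an administrator unlocks it
            return "perm_locked"
        self.temp_locks += 1
        self.locked_until = now + self.policy.temp_lock_seconds
        return "temp_locked"

    def admin_unlock(self):
        """Clear every lockout counter, as an administrator unlock would."""
        self.failures = self.temp_locks = 0
        self.locked_until = 0.0
        self.permanent = False

def replay(events, policy=None):
    """Replay constructed (time, success) login events and return each outcome."""
    acct = Account(policy or LockoutPolicy())
    return [acct.attempt(ok, t) for t, ok in events]
```

In this model a correct passphrase entered during a temporary lock is still rejected, which is why a locked-out user cannot recover by retrying before the lock expires.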

See Also

Configure Your Firebox as an Authentication Server

Define a New Group for Firebox Authentication

Use Users and Groups in Policies
