Define a New User for Firebox Authentication

Firebox Authentication enables you to store, on your Firebox or XTM device, the user accounts that you create to give your users access to your network. To make sure that the credentials for each user account stored on your Firebox or XTM device are secure, the passphrase that you specify for each user account is stored as an NT hash in the device configuration file. When the configuration file is exported to a clear text file (such as for communication between the device and a Fireware XTM device configuration management tool), the passphrase is further encrypted with an AES key wrap.

You can use Fireware XTM Web UI to create the user accounts for Firebox Authentication and specify which users can authenticate to your Firebox or XTM device. You can also specify whether the user names you define in the Firebox Internal Database are case sensitive. By default, case-sensitivity for user names is enabled. When case-sensitivity is enabled, users must type their user names with the same capitalization you used when you defined the users in the Firebox Users list.

  1. Select Authentication > Servers.
    The Authentication Servers page appears.
  2. From the Server list, select Firebox.
    The Firebox page appears.
  3. To disable case-sensitivity and enable your users to type their user names with any capitalization, clear the Enable case-sensitivity for Firebox-DB user names check box.
  4. In the Firebox Users section, click Add.
    The Firebox User dialog box appears.
  5. In the Name text box, type the user name for this user.
  6. (Optional) In the Description text box, type a description of the new user.
  7. Type and confirm the Passphrase for the user.
    When you set this passphrase, the characters are masked and the passphrase does not appear in clear text again. If you lose the passphrase, you must set a new passphrase.
  8. In the Session Timeout text box, type or select the maximum length of time the user can send traffic to the external network.
    The minimum value for this setting is one (1) second, minute, hour, or day. The maximum value is 365 days.
  9. In the Idle Timeout text box, type or select the length of time the user can stay authenticated when idle (not passing any traffic to the external network).
    The minimum value for this setting is one (1) second, minute, hour, or day. The maximum value is 365 days.
  10. Select the Enable login limits for each user or group check box.
  11. Select an option:
    1. In the text box, type or select the number of allowed concurrent user sessions.
    2. From the drop-down list, select an option:
      • Reject subsequent login attempts
      • Allow subsequent login attempts and log off the first session
  12. To add this user to an authentication group, in the Firebox Authentication Group list, select the check box for each group to add this user to.
  13. Click OK.
    The new user appears in the Firebox Users list.

See Also

Configure Your Device as an Authentication Server

Define a New Group for Firebox Authentication

Use Authorized Users and Groups in Policies
