We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

Barracuda NG Control Center Admins

  • Last updated on
Administrative accounts allow multiple users to simultaneously manage the Barracuda NG Control Center and its managed Barracuda NG Firewall units. Initially, every Barracuda NG Control Center is managed by the user root who has unlimited access rights. The user root has the ability to grant system access to other administrators who, depending on the assigned user rights, are allowed or denied to perform certain operations. This is done by creating administrative profiles. Administrative profiles can be configured to use local or external authentication. The profile settings both specify the scope that an administrator can access (e.g., range or cluster) and define permissions and restrictions specified in the administrative roles that are assigned to the profile. Administrative roles define which services an administrator is allowed to use on the Barracuda NG Control Center and the managed Barracuda NG Firewalls. The configuration level specifies which areas in the config tree an administrator has read and/or write access to. The lowest (or best) configuration level that can be assigned to an administrator is 1 (like the user root). When an admin user creates a new administrative profile, the new user can, at best, receive the configuration level plus one of the creating admin.

Administrative Roles

The Barracuda NG Control Center provides a set of predefined administrative roles that can be modified if required and applied to an admin profile (e.g., Manager, Editor, etc.). Administrative roles define which services administrators are allowed to use on the Barracuda NG Control Center and the managed Barracuda NG Firewalls and which operations the administrator is allowed to perform within the different services (e.g., terminate VPN tunnels, etc.). When creating an administrative profile you can assign multiple administrative roles to a Barracuda NG Control Center administrator account.

For more information, see How to Configure Administrative Roles.

Administrative Profiles

When introducing an administrator on the Barracuda NG Control Center, create an administrative profile and assign access privileges, permissions, and restrictions.

An administrative profile consists of the following settings:  

  • Account Settings – Account settings define various parameters of an administrator account, such as username, authentication method, password expiration policy, shell access level, etc. You can authenticate administrators via local or external schemes (e.g., MS Active Directory, RADIUS, LDAP, etc.). External authentication enables the Barracuda NG Control Center and the Barracuda NG Firewalls to verify the credentials of an administrator against any supported authentication server. Administrators can use their external authentication (e.g., MSAD) password for logging into the Barracuda NG Firewall environment. Optionally, the administrator can also receive access rights to the operating system layer (shell login).
  • Administrative Scope – By assigning elements like a range or cluster, the administrative scope implicitly defines the systems that the administrator can access. The administrative scope also restricts the administrator’s view on the Barracuda NG Control Center (e.g., status map, config tree, etc.) and access to certain Barracuda NG Firewall units that are managed by the Barracuda NG Control Center.
  • Configuration Levels – The configuration level defines the read and write access a user has on configuration nodes in the Barracuda NG Control Center config tree. When creating an administrative profile, you have to apply a configuration level to the administrative user. In addition, you can specify or change configuration levels in the config tree. To read or edit a configuration node in the config tree, the administrative user must have a configuration level that is lower than the node’s read and write level.

For more information, see How to Configure Administrative Profiles.

Barracuda NG Control Center box level admins must be created separately on the box level of the NG Control Center and be configured as if on a standalone Barracuda NG Firewall unit (see How to Create a New Admin Account).

Last updated on