Administrators accounts specify which configuration areas and tasks administrative users can access and change on a standalone Barracuda CloudGen Firewall or Barracuda Firewall Control Center on box level. Admin users can log into the system using the credentials specified in their profile and view or edit the services and settings defined in the administrative roles assigned to them.
Administrative Roles
Users can view or edit settings and services on the Barracuda CloudGen Firewall according to their assigned roles.
Create an Administrator Profile
- Go to CONFIGURATION > Configuration Tree > Box > Administrators.
- Click Lock.
- In the Administrators section, click + to add an administrator account.
Enter a unique Name for the account and click OK. The Administrators window opens. This account name is ued to log into the firewall.
- Enter the Full Name of the administrator or a description for the account.
- In the Assigned Roles table, add the appropriate administrative roles for the user. For a description of roles, see the Administrative Roles section.
- If you wish to grant permission for shell level access, select an option from the System Level Access list. You can select:
- No OS Login – Shell access is denied.
- Standard OS Login – Allows access on the OS layer via a default user account (home directory: user/phion/home/username).
- Restricted OS Login – Permits access via a restricted shell (rbash) with limitations (e.g., specifying commands containing slashes, changing directories by entering cd, …). A restricted login confines any saving action to the user's home directory.
- Select the Authentication Level that is required to access a system.
If external authentication is required, select the corresponding method from the External Authentication field.
- When using a password, select the corresponding scheme from the Password Validation list.
- Enter the External Login Name for the authentication scheme if it is different than the admin account name.
- Enter the password for the Barracuda Firewall Admin login. When creating an account, the new password must be entered in both the Current and New fields, even though the password has not yet been created. The password must be confirmed by re-entering it in the Confirm field.
- Import the Public RSA Key if required.
- If required, use the Peer IP Restriction table to set an access restriction on IP address and/or subnet level on which Barracuda Firewall Admin runs.
- From the Login Event list, select how a login is recorded. You can select.
- Service Default (default) – refers to the settings made within the Barracuda Firewall Control Center Access Notification (see How to Configure Access Notifications).
- Silent – suppresses any event notification.
- Click Send Changes and Activate.
Your admin user can now log into the Barracuda CloudGen Firewall or Barracuda Firewall Control Center box and view or edit the services according to their assigned roles.