User Administration
On the User Administration page, you change the administration password for the admin account on your firewall and create other administrator user accounts. The characters in the password are displayed as little stars. Remember that the password is sent unencrypted over your local network if you use HTTP instead of HTTPS.
You can authenticate administrators using a RADIUS server instead of a local password (select this on the Access Control page under Basic Configuration). When RADIUS is used, you must also enter a RADIUS server on the RADIUS page under Basic Configuration.
More information about how to configure the RADIUS server to authenticate administrators can be found in the RADIUS section.
Password for the 'admin' account
The admin user is predefined. That user can make changes, load configurations, apply configurations and log on the firewall via the serial cable. You can't remove this user or change its privileges, only change its password.
Old password
Enter the old password for the admin user.
New password, New password again
Enter the new password in both fields. You must enter the exact same password in both fields, to make sure that you did not make a mistake.
Change administration password
Click on this button to change the password for the admin user. The new password is now saved on the firewall.
Other accounts
Here, you define other user accounts that can access the firewall. A user account can be restricted to only look at settings, or to change only some settings. Changes of configuration are logged by user name.
Changes in restrictions for an existing user account are immediate. The exception is changes for a currently logged on user, for which the changes will have effect the next time he/she logs on.
User
Enter the user name for this account. The name is used when the user logs on and for logging the changes.
Password
Press the Change password button to enter the password for this user.
Account Type
Select what privileges this user should have.
Full Access means that the user can make any changes to the configuration. This is the same privileges as the admin user has in the web GUI, but only the admin user can log on via the serial cable.
Backup/Restore Config means that the user can download the configuration to file, and upload a configuration file to the firewall. The user is also allowed to apply configurations.
VPN admin means that the user can make any changes on the Virtual Private Networks pages and apply configurations, but can't change any other configuration.
SIP admin means that the user can make any changes on the SIP pages and apply configurations, but can't change any other configuration.
View Config Only means that the user can view any configuration and make log searches, but can't change any configuration.
Disabled means that the user is not allowed to log on to the web interface of the firewall.
Currently logged in administrators
Here, all users logged on the firewall web interface are shown. If your user has full access, you can log out other users here.
Account
The name of the logged on user.
Type
Here, the account type for the user is shown. The account type tells you the user's access rights for the firewall web interface.
From
Here you see from which IP address the user connected to the firewall.
Logged in
Here you see when the user logged on to the firewall.
Last access
Here you see when the user last accessed the firewall web interface. Accesses could be a change of a parameter, a change of web page or a log search.
Status
Here you see if the user is active or idle. The firewall marks a user as idle if the user has not accessed the web interface in ten minutes.
Log out
If your user has full access to the web interface, you can log out other users. However, if you do not change their password (or change the Account type to Off), they can just log on again.