< Home

Creating an Administrator Account

This section describes how to configure an administrator account.

  1. Choose System > Administrator > Administrator.
  2. Click Add.
  3. Set the administrator parameters.

    The new administrator will be listed in the Administrator List.

    Repeat the preceding steps to create more administrators.

    Table 1 lists administrator parameters.

    Table 1 Administrator parameters

    Parameter

    Description

    User Name

    Account of an administrator.

    The account must be unique on a FW.

    Authentication Type
    Authentication type for an administrator:
    • Local Authentication: A FW uses the locally configured account and password to attempt to authenticate an administrator before the administrator can log in to the FW.
    • Server Authentication: A FW uses the account and password configured on an authentication server to attempt to authenticate an administrator before the administrator can log in to the FW.
    • Server Authentication/Local Authentication: A FW performs server authentication. Only if the FW fails to connect to an authentication server, the FW performs local authentication.

    Authentication Server

    Existing or new authentication server.

    Password/Confirm Password

    Password of an administrator.

    This parameter must be specified if Authentication Mode is set to Local Authentication or Server Authentication/Local Authentication.

    Role

    Name of an administrator role.

    A specific role is granted specific permission. Choose System > Administrator > Administrator Role to view administrator roles and their permissions.

    Trusted Host

    IP address range of the hosts that can log in to the FW. The value is in the format of IP address/mask. For example, 10.1.1.1/24 or 10.1.1.1/255.255.255.0 can be entered.

    To add an address range, click and enter the range. A maximum of 10 IP addresses ranges can be specified.

    NOTE:

    This function does not take effect on server authentication administrators and console login administrators.

    Advanced

    Service Type

    Login method, which can be WEB, Telnet, SSH, console, API, and FTP.

    NOTE:

    • After the FTP is specified, the system automatically generates an FTP directory for the administrator.

    • The service type SSH is recommended because Telnet or FTP causes security risks.

    • If the service type of an administrator account is changed from API to FTP/SSH/Telnet/Console/Web or vice versa, an administrator that logs in using this account is forced out.

      If the service type of an administrator account is changed among FTP/SSH/Telnet/Console/Web, the service type of an administrator that already logs in using this account is not changed, and the service type of an administrator that newly logs in using this account is subject to the change.

    • The service types of virtual system administrators can be Web, Telnet, and SSH only.

    • The API service is mutually exclusive with other service types. If you specify the API service type, you cannot specify other service types

    SSH Authentication

    SSH authentication method, which can be:

    • RSA
    • PASSWORD-RSA: allows the FW to use both the Rivest-Shamir-Adleman (RSA) algorithm and a password to authenticate an administrator.
    • PASSWORD
    • All: allows the FW to use either RSA or password authentication to authenticate an administrator.

    This item is required when you create an SSH authentication account. The default authentication method is PASSWORD.

    RSA Key

    Value of an RSA key used to authenticate an administrator. This parameter can be configured only when SSH Authentication Mode is set to RSA, PASSWORD-RSA, or All.

    To set an RSA key, perform either of the following operations:

    • Select an existing RSA key.
    • Create an RSA key.
      1. Click Manage RSA Key.
      2. Click Add.
      3. Enter a name in the Public Key Name text box.
      4. Enter a key in the Key text box for an RSA peer. The key is generated by an SSH client, and you can copy and paste the key in the Key text box.
      5. Click Apply.

    By default, an administrator created using the web UI can log in to the device from a web page.

    Interface access control, administrator service type, and enabled service on the device determine the login method. For example, if an administrator wants to log in using HTTPS through the management interface, the management interface must enable the HTTPS access control, the administrator account must support HTTPS, and the device must enable HTTPS. For detailed configuration process, see Configuration Examples for Administrator.

  4. Click OK.

Follow-up Procedure

You can click next to the administrator account to modify the administrator parameters.

To change the password of an administrator, enter the current administrator account password in the Enter the current administrator password dialog box that is displayed and then click Confirm.

For administrators created on the web UI, you are advised to modify or delete them on the web UI to prevent the mixed use of the web UI and CLI.

Parent Topic: Configuring an Administrator Using the Web
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >