Device Administrator Account Configuration Overview; Configuring Privilege Level - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual
Configuring screenos devices guide
Hide thumbs
Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01:
- Manual (340 pages) ,
- Administration manual (1026 pages) ,
- Installation manual (244 pages)
Table of Contents
Advertisement
Configuring ScreenOS Devices Guide
Device Administrator Account Configuration Overview
Configuring Privilege Level
150
Importing Device Administrators from a Physical Device Overview on page 148
You must create an account for each device administrator on the managed device. The
device administrator account contains a device admin privilege level, username, password,
and optional PKA keys for the admin.
Additionally, for security devices that run ScreenOS 5.0 or later, you can configure
privileges for the Trustee, such as granting the permission to configure the untrust Ethernet
interface and the permission to configure the untrust modem interface.
Configuring Privilege Level on page 150
Configuring Authentication on page 151
Admin Access Lock Setting on page 152
Roles for Device Administrator Accounts on page 153
A security device supports multiple device administrators. NSM connects to the device
as the root device administrator, and has complete administrative privileges for the
device.
A security device can have only one root device administrator which cannot be deleted.
Additionally, after you create the root device administrator (or import from an existing
device) you cannot change the name of the root device administrator. To delete an
existing root device administrator, you can change the privilege level of the administrator
to a non-root privilege, and then save and delete the administrator. If you delete the root
device administrator, however, you must then create a new root device administrator
before installing the modeled configuration on the managed device (NSM must use the
root device administrator account to communicate with the managed device).
NOTE: For ScreenOS 5.x devices, you can set or change the root device admin
password using the directive "Set Root Admin." To execute this directive,
right-click the device in the Device Manager device list and select Device >
Set Root Admin.
When you create other device administrators, you must assign a privilege level; these
privileges are accessible to the device admin after successful log in to the device as
described in Table 31 on page 151.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
