Configuring Authentication
Copyright © 2010, Juniper Networks, Inc.

Table 31: Privilege Level

Privilege Level: Read/Write Device Administrator
Description: The read/write administrator has the same privileges as the root device administrator, but cannot create, modify, or remove other device administrators. Privileges include:
  • Creates virtual systems and assigns virtual system administrators
  • Monitors any virtual system
  • Tracks statistics (this privilege cannot be delegated to a virtual system administrator)

Privilege Level: Read-Only Device Administrator
Description: The read-only device administrator has only viewing privileges in the Web UI and can issue only the enter, exit, get, and ping CLI commands. Privileges include:
  • Read-only privileges in the root system, using the following four commands: enter, exit, get, and ping
  • Read-only privileges in virtual systems
NOTE: All system administrators, including those assigned a Read-Only role, can create and run their own reports.

Privilege Level: Virtual System Device Administrator (available on security devices that support virtual systems)
Description: Each virtual system (vsys) is a separate security domain that can be managed by virtual system device administrators whose privileges apply only to that vsys. Virtual system administrators manage their virtual systems independently through the CLI or Web UI. Privileges include:
  • Creates and edits auth, IKE, L2TP, XAuth, and Manual Key users
  • Creates and edits services
  • Creates and edits policies
  • Creates and edits addresses
  • Creates and edits VPNs
  • Modifies the virtual system administrator login password
  • Creates and manages security zones
  • Adds and removes virtual system read-only administrators

Privilege Level: Virtual System Read-Only Device Administrator (available on security devices that support virtual systems)
Description: A virtual system read-only administrator has the same set of privileges as a read-only administrator, but only within a specific virtual system. A virtual system read-only administrator has viewing privileges for that vsys through the Web UI, and can issue only the enter, exit, get, and ping CLI commands within that vsys.
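The privilege levels in Table 31 form a scope-aware access model: two roles act in the root system, two are confined to a single vsys, and the read-only roles are limited to four CLI commands. The Python below is an added example (not Juniper's NSM or ScreenOS code) that encodes those boundaries as a deny-by-default check over ScreenOS-style CLI commands. The role constants, the `scope` argument (the vsys a command runs in, `None` for the root system), and the assumptions that `set admin`/`unset admin` manage administrator accounts and `set vsys` creates a virtual system are illustrative choices, not taken from the table.

```python
"""Scope-aware authorization check for the Table 31 privilege levels.

Added example, not ScreenOS or NSM code. Command syntax conventions
("set admin" manages accounts, "set vsys" creates a vsys) are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Roles from Table 31, plus the root device administrator the table refers to.
ROOT = "root_device_admin"
RW = "read_write_device_admin"
RO = "read_only_device_admin"
VSYS_ADMIN = "vsys_device_admin"
VSYS_RO = "vsys_read_only_device_admin"

# The only CLI commands a read-only administrator may issue (per the table).
READ_ONLY_VERBS = {"enter", "exit", "get", "ping"}


@dataclass(frozen=True)
class Admin:
    name: str
    role: str
    vsys: Optional[str] = None  # scope of a vsys role; None means the root system


def _is_admin_management(tokens: List[str]) -> bool:
    # Assumption: "set admin ..." / "unset admin ..." create, modify or remove admins.
    return len(tokens) >= 2 and tokens[0] in {"set", "unset"} and tokens[1] == "admin"


def _is_vsys_creation(tokens: List[str]) -> bool:
    # Assumption: "set vsys <name>" creates a virtual system.
    return len(tokens) >= 2 and tokens[0] == "set" and tokens[1] == "vsys"


def authorize(admin: Admin, command: str, scope: Optional[str] = None) -> Tuple[bool, str]:
    """Return (allowed, reason). Deny by default; every allow names its rule."""
    tokens = command.split()
    if not tokens:
        return False, "empty command"
    verb = tokens[0]

    if admin.role == ROOT:
        return True, "root device administrator: unrestricted"

    if admin.role == RW:
        # Same as root, except device administrators may not be managed.
        if scope is None and _is_admin_management(tokens):
            return False, "read/write admin cannot create, modify or remove device administrators"
        return True, "read/write admin (may create vsys and assign vsys administrators)"

    if admin.role == RO:
        # Viewing only, in the root system or any vsys.
        if verb in READ_ONLY_VERBS:
            return True, "read-only admin: enter/exit/get/ping only"
        return False, f"read-only admin may not run '{verb}'"

    # Virtual-system roles are confined to their own vsys, never the root system.
    if scope is None or scope != admin.vsys:
        return False, f"{admin.role} is confined to vsys '{admin.vsys}'"

    if admin.role == VSYS_ADMIN:
        if _is_vsys_creation(tokens):
            return False, "only root or read/write device admins create virtual systems"
        return True, f"vsys admin acting inside '{admin.vsys}'"

    if admin.role == VSYS_RO:
        if verb in READ_ONLY_VERBS:
            return True, f"vsys read-only admin: enter/exit/get/ping inside '{admin.vsys}'"
        return False, f"vsys read-only admin may not run '{verb}'"

    return False, f"unknown role '{admin.role}'"


if __name__ == "__main__":
    # Constructed demonstration inputs.
    cases = [
        (Admin("jdoe", RW), "set admin backup password x", None),
        (Admin("jdoe", RW), "set vsys vsys1", None),
        (Admin("auditor", RO), "set policy id 1 disable", None),
        (Admin("v1", VSYS_ADMIN, "vsys1"), "set policy id 7 disable", "vsys2"),
    ]
    for admin, cmd, scope in cases:
        allowed, why = authorize(admin, cmd, scope)
        print(f"{admin.name:8} {cmd!r:36} scope={scope!s:6} -> {'ALLOW' if allowed else 'DENY '} ({why})")
```

The check is deliberately deny-by-default: a role that is not recognised, a vsys role used outside its vsys, and a read-only role issuing anything other than the four listed commands all fall through to a denial with a reason string, which is what you want to log when a session trips the boundary.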
For any configuration change made by a device administrator, the managed device
generates a log entry with the name of the device administrator making the change, the
IP address from which the change was made, and the time of the change. These log
entries appear as configuration logs in the NSM Log Viewer.
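Each configuration log therefore carries the three fields an auditor needs: who changed the configuration, from which IP address, and when. The Python below is an added example (not part of NSM or its Log Viewer export) that parses constructed config-log lines in an assumed format and flags entries that contradict the privilege model in Table 31 or a management-network and change-window policy. The line layout, the `ADMIN_ROLES` inventory, `MGMT_NET` and `CHANGE_WINDOW` are all assumptions made for illustration.

```python
"""Review of configuration-change log entries (admin name, source IP, time).

Added example, not NSM's Log Viewer or its export format. The sample lines,
their layout and the policy constants below are constructed assumptions.
"""
import ipaddress
import re
from datetime import datetime
from typing import Dict, List

# Constructed sample config-log lines in an assumed format (not NSM's).
SAMPLE_LOG = """\
2010-06-15 14:32:07 config admin=jdoe src=10.1.1.5 change="set policy id 12 disable"
2010-06-15 14:35:41 config admin=auditor src=10.1.1.9 change="set address trust h1 10.0.0.1/32"
2010-06-15 23:58:13 config admin=jdoe src=203.0.113.77 change="unset admin backup"
2010-06-16 09:02:00 config admin=vsys1-admin src=10.1.1.12 change="set policy from trust to untrust any any any permit"
"""

# Assumed role inventory for the admins that appear in the sample.
ADMIN_ROLES = {
    "jdoe": "read_write_device_admin",
    "auditor": "read_only_device_admin",
    "vsys1-admin": "vsys_device_admin",
}

MGMT_NET = ipaddress.ip_network("10.1.1.0/24")  # assumed management subnet
CHANGE_WINDOW = (8, 18)                          # assumed local hours [start, end) for changes

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) config '
    r'admin=(?P<admin>\S+) src=(?P<src>\S+) change="(?P<change>[^"]*)"$'
)


def parse_config_log(text: str) -> List[Dict]:
    """Parse lines into records; lines that are not config entries are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        rec["src"] = ipaddress.ip_address(rec["src"])
        records.append(rec)
    return records


def review_config_log(text: str, roles=ADMIN_ROLES, mgmt_net=MGMT_NET, window=CHANGE_WINDOW) -> List[Dict]:
    """Return one finding per record that violates the privilege model or policy."""
    findings = []
    for rec in parse_config_log(text):
        role = roles.get(rec["admin"], "unknown")
        reasons = []
        # A read-only role has no write privileges, so a change attributed to
        # it points at role drift or a misattributed session.
        if role.endswith("read_only_device_admin"):
            reasons.append("change attributed to a read-only administrator (should be impossible)")
        if role == "unknown":
            reasons.append("admin not in role inventory")
        if rec["src"] not in mgmt_net:
            reasons.append(f"source {rec['src']} outside management network {mgmt_net}")
        if not (window[0] <= rec["ts"].hour < window[1]):
            reasons.append("change outside change window")
        # Assumption: "set admin"/"unset admin" modify administrator accounts.
        if rec["change"].split()[:2] in (["set", "admin"], ["unset", "admin"]):
            reasons.append("administrator account modified")
        if reasons:
            findings.append({
                "admin": rec["admin"],
                "ts": rec["ts"],
                "src": str(rec["src"]),
                "change": rec["change"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in review_config_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['admin']}@{f['src']} {f['change']!r}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Because the privilege model says a read-only administrator cannot change configuration at all, a config-log entry naming one is a high-confidence signal rather than a policy tuning question; the network and time-window checks are the ordinary, tunable part of the review.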
A device administrator can authenticate a connection to a security device using one of
two authentication methods: Password or Public Key (ScreenOS 5.x devices only).
However, regardless of the authentication method you want the device administrator to
use, you must initially define a password for the admin account. If you later bind a public
key to the admin, the password becomes irrelevant.
Chapter 5: Administration
Source: Network and Security Manager 2010.4, Configuring ScreenOS Devices Guide, Rev 01.