Roles For Device Administrator Accounts; Supporting Admin Accounts For Dialup Connections - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Roles for Device Administrator Accounts

Related
Documentation

Supporting Admin Accounts for Dialup Connections

Related
Documentation
Copyright © 2010, Juniper Networks, Inc.
is enabled, you can set the admin access locking time to lock out the account. The lockout
occurs after the specified number of failed login attempts.
You can configure role attributes for admin users. If you select the privilege of admin user
as root, you cannot set the role attribute (that is, the root administrator cannot set role
attributes.) If you set privilege as read-write or read-only, you can assign any of the
available role attributes. The default value is Not Assigned.
Supporting Admin Accounts for Dialup Connections on page 153
Restricting Management Connections Using Permitted IPs on page 154
Device Administrator Authentication Overview on page 149
The NetScreen-5XT and the NetScreen-5GT devices support a modem connection for
outbound dial-up disaster recovery situations. You can set up trustee accounts for the
interface or for the modem. This topic describes the two types of trustees:
Interface trustee
An interface trustee has access only to the Untrust interface through the Web UI. An
interface trustee can only assign the IP address for the primary Untrust zone interface.
Also, an interface trustee account can enable or disable ping responses from an
interface. Interface trustees can select either a PPPoE or DHCP client using automatic
IP address assignment or a static address assignment client.
Modem trustee
A modem trustee can access, configure, and modify only the ISP1 and ISP2 settings.
A modem trustee can also test and view the configurations for the ISP3 and ISP4
settings.
You can configure Modem Trustee and Interface Trustee accounts to have Read/Write
or Read-Only levels of access.
The connection type to a device by a Trustee administrative account occurs exclusively,
preventing any other connection type from occurring. The secure trustee connection
prevents local console, Telnet, and SSH sessions to connect to the device if these other
connection types attempt to use the trustee's name or password.
Restricting Management Connections Using Permitted IPs on page 154
Local Access Configuration Using CLI Management Overview on page 155
Device Administrator Account Configuration Overview on page 150
Chapter 5: Administration
153