Create Web Portal User accounts

The accounts for the optional Web Portal are defined with Web Portal User elements. It is highly recommended to create a unique Web Portal User account for each Web Portal User.

Figure: Elements for Web Portal User accounts



  • Engine elements define which logs, reports, or policy snapshots are displayed.
  • Policies, sub-policies, and template policies define which parts of the Policy Snapshots are displayed.
  • Report Designs define which reports are displayed. The Web Portal user is allowed to view all generated reports that are based on the granted Report Designs.
  • Filters define which logs are displayed. You can also add Filters that the Web Portal User can choose to apply when browsing logs.

Web Portal Users can also use internal authentication or external RADIUS authentication.

If administrative Domains are used, there are some more considerations:

  • Each Web Portal User account is limited to a single Domain.
  • The Web Portal User is allowed to see all information in the Policy Snapshots from the granted engines. If a policy’s template is in the Shared Domain, the Web Portal User can also see the rules inherited from the template in the Policy Snapshot.
  • The Web Portal Users might be allowed to view reports generated in the Shared Domain depending on their granted elements.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to Administration.
  2. Right-click Access Rights and select New > Web Portal User.
  3. In the Name field, enter the user name that the Web Portal user uses to log on to the Web Portal.
  4. To authenticate the Web Portal User locally with the firewall, select Local Authentication, then configure the settings for local authentication.
    1. To manually specify a password, enter and confirm the password in the Password field and the Confirm Password field.
      CAUTION:
      We recommend that passwords be at least eight characters long and contain a combination of numbers, letters, and special characters. Secure passwords are never based on personal information such as names, birthdays, social ID numbers, phone numbers, street names, or registration plate numbers.
    2. To generate a random alphanumeric password, click Generate Password.
    3. In the Account Expiration settings, define when the account expires.
  5. To authenticate the Web Portal User with an external authentication server, select External Authentication, then select the authentication method from the Authentication Method drop-down list.
  6. Select engines from which the Web Portal User is allowed to view logs and Policy Snapshots.
    1. Click the Engines tab.
    2. To grant all engines to the Web Portal User, select Allow ANY.
      Note: If Domain elements have been configured, only the engines in the current Domain are granted to the Web Portal user.
    3. To select individual engines, click Add, then select the engines and click Select.
  7. On the Policies tab, select the policies from which the Web Portal User is allowed to view Policy Snapshots.
    You can only select policies that are installed on engines granted to the Web Portal User. You can define in detail which parts of the policies are shown in the Policy Snapshots.
  8. On the Logs tab, select log browsing permissions for the Web Portal User.
  9. On the Reports tab, select the kinds of reports that the Web Portal User can access.
  10. Click OK.

Web Portal User Properties dialog box

Use this dialog box to define the properties of a Web Portal User.

Option Definition
General tab
Name The Web Portal User name.
Comment

(Optional)

 A comment for your own reference.
Local Authentication Authentication by the Management Server.
Password Specifies the password.
Generate Password Generates a random 7-digit alphanumeric password.

Generated passwords are one time passwords. The Administrator is prompted to enter a new password at the first logon.

Confirm Password Confirms the password.
Password never expires

(Optional)

When selected, specifies the password to always be valid. Selecting this option overrides the password expiration settings in the Administrator Password Policy.
Always Active Specifies that the user account is active immediately and is never automatically disabled.
Expiration Date Specifies the date when the user account is automatically disabled.
External Authentication RADIUS-based authentication by an external RADIUS server.
Authentication Method Select an Authentication Method provided by an external RADIUS authentication server.
Option Definition
Engines tab
Granted Engines Shows the elements that an administrator has been given permission to edit and install when their Administrator Role would otherwise prevent them from doing so.
Add Opens the Select Engine dialog box.
Remove Remove the engine from the Granted Engines list.
Allow ANY Grants all engines to the Web Portal User.

If Domain elements have been configured, only the engines in the current Domain are granted to the Web Portal user.

Option Definition
Policies tab
Show Policy Snapshots for Granted Engines When selected, allows the Web Portal user access to Policy Snapshots.
Show Main Policies

(Optional)

When selected, allows the Web Portal user to view the rules in the upper-level policies.
Show Inherited Rules

(Optional)

When selected, allows the Web Portal user to view rules inherited from policy templates.
Add Opens the Select Policy Template dialog box.
Remove Removes the selected rules inherited from any policy template.
Allow ANY Grants the right to view all policies to the Web Portal User.

If Domain elements have been configured, only the policies in the current Domain are granted to the Web Portal user.

Show Sub-Policies

(Optional)

When selected, allows the Web Portal user to view information from sub-policies.
Add Opens the Select Sub Policy dialog box.
Remove Removes the selected sub-policies from the main policies.
Allow ANY Grants the right to view all sub-policies to the Web Portal User.

If Domain elements have been configured, only the sub-policies in the current Domain are granted to the Web Portal user.

Show Inspection Policy When selected, allows the Web Portal user to view the Inspection Policies of the granted engines.
Show Policy Upload History

(Optional)

When selected, allows the Web Portal user to view and compare all Policy Snapshots from the granted engines. The user can view and compare Policy Snapshots of any policies that have been installed on the granted engines (not only Policy Snapshots of policies granted to the Web Portal user).
Show Policy Upload Comments

(Optional)

When selected, allows the Web Portal user to view the comments that administrators have added at policy upload.
Option Definition
Logs tab
Show Logs from Granted Engines When selected, allows the Web Portal user access to logs.
Log Selection Filter Displays the filters applied to the log data before the data is displayed to the Web Portal user.
Log Browsing Filters Specifies one or more Filter Types that define the groups of Filters that the Web Portal user can use when browsing log data in the Web Portal.
Select Opens the Local Filter Properties dialog box.
Add Opens the Select Filter Type dialog box.
Remove Removes selected log browsing filters.
Option Definition
Reports tab
Show Reports When selected, allows Web Portal users access to reports.
Report Designs Displays the Report Designs based on which the Web Portal user is allowed to view reports. The Web Portal user is allowed to view all the reports that are based on the granted Report Designs (regardless of the Domain in which the reports were created if Domain elements have been configured).
Add Opens the Select Report Design dialog box.
Remove Remove the selected reports from the Report Designs list.
Allow ANY Grants the right to access all reports to the Web Portal User.