Define a New Group for Firebox Authentication

To simplify how you specify which users can authenticate to your Firebox, you can create groups of users in your Firebox configuration.

  1. Select Authentication > Servers.
    The Authentication Servers page opens.
  2. From the Server list, select Firebox-DB.
  3. In the Firebox Groups section, click Add.
    The Firebox Group dialog box opens.

Screenshot of the Setup Firebox Group dialog box

  1. Type a name for the group.
  2. (Optional) Type a description for the group.
  3. (Optional) Select the Enable login limits for each user or group check box.
  4. If you enabled login limits, select an option:
    • Allow unlimited concurrent firewall authentication logins from the same account
    • Limit concurrent user sessions to.
    1. In the text box, type or select the number of allowed concurrent user sessions.
    2. From the drop-down list, select an option:
      • Reject subsequent login attempts
      • Allow subsequent login attempts and logoff the first session.

    You can configure login session limits at the global, group, and user level.

    • User settings take precedence over the group and global settings.
    • If user's login session limits are not configured, group settings take precedence, if configured.
    • If a user belongs to more than one group, the settings for the first group in the user's group list takes precedence.
    • If user or group login session limits are not configured, the global settings are used.
  5. (Optional) In Fireware v12.9 or higher, you can Enable Network Access Enforcement. For more information, go to Network Access Enforcement Overview.
  6. To add a user to the group, in the Firebox Authentication Users list, select the check box for that user.
  7. After you add all necessary users to the group, click OK.
  1. Select Setup > Authentication > Authentication Servers.
    The Authentication Servers dialog box opens.
  2. Select the Firebox tab.
  3. In the User Groups section, click Add.
    The Setup Firebox Group dialog box opens.

Setup Firebox group dialog box

  1. Type a name for the group.
  2. (Optional) Type a description for the group.
  3. (Optional) Select the Enable login limits for each user or group check box.
  4. If you enabled login limits, select an option:
    • Allow unlimited concurrent firewall authentication logins from the same account
    • Limit concurrent user sessions to.
    1. In the text box, type or select the number of allowed concurrent user sessions.
    2. From the drop-down list, select an option:
      • Reject subsequent login attempts
      • Allow subsequent login attempts and logoff the first session.

    You can configure login session limits at the global, group, and user level.

    • User settings take precedence over the group and global settings.
    • If user's login session limits are not configured, group settings take precedence, if configured.
    • If a user belongs to more than one group, the settings for the first group in the user's group list takes precedence.
    • If user or group login session limits are not configured, the global settings are used.
  5. (Optional) In Fireware v12.9 or higher, you can Enable Network Access Enforcement. For more information, go to Network Access Enforcement Overview.
  6. To add a user to the group, select the user name in the Available list. Click the double left arrow icon to move the name to the Member list.
    You can also double-click the user name in the Available list.
  7. After you add all necessary users to the group, click OK.

You can now configure policies and authentication with these users and groups, as described in Use Users and Groups in Policies.

Related Topics

Configure Your Firebox as an Authentication Server

Define a New User for Firebox Authentication

Network Access Enforcement Overview