Your Management Server includes many predefined administrative roles that you can use to manage your Fireboxes that are centrally managed by your Management Server. You can also define custom roles, as described in Define Roles and Role Properties.
If your device is not centrally managed, you can create user accounts on your single Firebox that use the Device Administrator, Device Monitor, and Guest Administrator roles.
For more information about how to use role-based administration on your Firebox, go to Manage Users and Roles on Your Firebox.
This list includes all available predefined roles and the actions they are allowed to take.
| Role | Allowed actions |
|---|---|
| Branch Office VPN Administrator |
View folders and devices in WSM View device log messages View/create device reports Configure device network configuration, policies, and BOVPN tunnels Rekey BOVPN tunnels for a device |
| Device Administrator |
View and move folders and devices in WSM View/modify folder and device management server properties View device log messages Define a report of any device Set passphrases for the Device Management user accounts Configure Reputation Enabled Defense settings Also available for Role-Based Administration on a Firebox. |
| Device Monitor |
View folders and devices in WSM View device log messages and reports View the entire configuration file for a device View Reputation Enabled Defense settings Also available for Role-Based Administration on a Firebox. |
| Guest Administrator |
Connect to a device to manage the list of guest user accounts, and print vouchers, for connections to the hotspot enabled on the device. Only available for Role-Based Administration on a Firebox. For more information, go to Configure Hotspot Settings. |
| Legacy admin account |
View and move folders in WSM View/modify folder and device Management Server properties View/move devices in WSM and monitoring tools View device log messages View/create device reports Set passphrases for the Device Management user accounts View/modify device configuration file Update device OS Backup/restore device configuration and OS Reboot/restart device Configure device network configuration, Firewall Policies, QoS Settings, BOVPN tunnels, and Mobile VPN tunnels Drop currently active device Mobile VPN user tunnels Configure device external authentication, Firebox users and groups, WebBlocker, spamBlocker, and Quarantine Server settings Update Gateway AntiVirus/IPS signatures Rekey device BOVPN tunnels and Mobile VPN tunnels Update the device feature keys Configure Reputation Enabled Defense settings |
| Legacy status account |
View folders in WSM View folder and device Management Server properties View devices in WSM and monitoring tools View device log messages View device reports View device configuration file View Reputation Enabled Defense settings |
| Management Server Administrator |
Define devices, folders, security templates, VPN firewall policies, and customer information Has Certificate Authority access Define a report or view audit log messages of any user Define a report of any device Configure Reputation Enabled Defense settings |
| Management Server Monitor |
View folders and devices in WSM View role policies View security templates View VPN Firewall policies View customer information Access to Certificate Authority View a report or view audit log messages of any user View a report of any device |
| Mobile User VPN Administrator |
View folders and devices in WSM View device log messages View/create device reports Configure device network configuration and Mobile VPN tunnels Drop active Mobile VPN user tunnels for a device Define users and groups for a device Rekey BOVPN tunnels for a device |
| MSS Monitor | View devices in monitoring tools |
| Network Administrator |
View folders and devices in WSM View device log messages View/create device reports Configure device network configuration |
| Security Administrator |
View folders and devices in WSM View device log messages View/create device reports Configure device network configuration, policies, and QoS settings Update Gateway AntiVirus/IPS signatures |
| Super Administrator |
Define users, role policies, devices, folders, security templates, VPN firewall policies, and customer information Has Certificate Authority access Define a report or view audit log messages of any user Define a report of any device |
| User Authentication Administrator |
View folders and devices in WSM View device log messages View/create device reports Configure device external authentication Define users and groups for a device |
| User Services Administrator |
View folders and devices in WSM View device log messages View/create device reports Configure WebBlocker, spamBlocker, and Quarantine Server settings for a device |