Further reading
Session and user privileges
| Name | Description | Privileges assigned |
|---|---|---|
| Logs (R) | Log consultation | base, log_read |
| Filter (R) | Filter policy consultation | base, filter_read |
| VPN (R) | VPN configuration consultation | base, vpn_read |
| Logs (W) | Privilege to modify log configuration | modify, base, log |
| Filter (W) | Privilege to modify filter policy configuration | modify, base, filter |
| VPN (W) | Privilege to modify VPN configuration | modify, base, vpn |
| Monitoring | Privilege to modify the configuration from Stormshield Network Real-Time Monitor | modify, base, mon_write |
| Content filtering | Privilege for URL filtering, Mail, SSL and antivirus management | modify, base, contentfilter |
| PKI | Privilege to modify PKI | modify, base, pki |
| Objects | Privilege to modify Object database | modify, base, object |
| Users | Privilege to modify Users | modify, base, user |
| Network | Privilege to modify network configuration (interfaces, bridges, dialups, VLANs and dynamic DNS configuration) | modify, base, network |
| Routing | Privilege to modify routing (default route, static routes and trusted networks) | modify, base, route |
| Maintenance | Privilege to perform maintenance operations (backups, restorations, updates, Firewall shutdown and reboot, antivirus update, modification of antivirus update frequency, High Availability modification and RAID-related actions in Real-Time Monitor) | modify, base, maintenance |
| Intrusion prevention | Privilege to modify Intrusion prevention (IPS) configuration | modify, base, asq |
| Vulnerability manager | Privilege to modify vulnerability management configuration (Stormshield Network Vulnerability Manager) | modify, base, pvm |
| Objects (global) | Privilege to access global objects | modify, base, globalobject |
| Filter (global) | Privilege to access the global filter policy | modify, base, globalfilter |
The base privilege is assigned to all users systematically. This privilege allows reading the whole configuration except filtering, VPN, logs and content filtering. The modify privilege is assigned to users who have write privileges. The user who has logged on as admin will obtain the admin privilege. This is the only privilege that allows giving other users administration privileges or removing them.
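The rules in the paragraph above (base for everyone, modify alongside any write privilege, admin as the only privilege that can delegate administration) can be checked across a list of accounts during a least-privilege review. This is an added example, not Stormshield code: the comma-separated input format and the account names are assumptions, and the sample data is constructed.

```python
# Privilege tokens taken from the "Privileges assigned" column on this page.
READ_TOKENS = {"log_read", "filter_read", "vpn_read"}
WRITE_TOKENS = {
    "log", "filter", "vpn", "mon_write", "contentfilter", "pki", "object",
    "user", "network", "route", "maintenance", "asq", "pvm",
    "globalobject", "globalfilter",
}
KNOWN = READ_TOKENS | WRITE_TOKENS | {"base", "modify", "admin"}


def audit(privileges: str) -> list[str]:
    """Return findings for one comma-separated privilege list (assumed format)."""
    tokens = {t.strip() for t in privileges.split(",") if t.strip()}
    findings = []
    unknown = sorted(tokens - KNOWN)
    if unknown:
        findings.append("unknown token(s): " + ", ".join(unknown))
    if "base" not in tokens:
        findings.append("base missing: it is assigned to all users")
    writes = sorted(tokens & WRITE_TOKENS)
    if writes and "modify" not in tokens:
        findings.append("write token(s) without modify: " + ", ".join(writes))
    if "modify" in tokens and not writes:
        findings.append("modify present without any write token")
    if "admin" in tokens:
        findings.append("admin: can grant or remove administration privileges")
    return findings


def audit_all(accounts: dict[str, str]) -> dict[str, list[str]]:
    """Audit every account; an empty list means nothing to review."""
    return {name: audit(privs) for name, privs in accounts.items()}


# Constructed sample data, not exported from a real firewall.
SAMPLE = {
    "auditor": "base, log_read, filter_read",
    "netops": "modify, base, network, route",
    "helpdesk": "base, user",
    "legacy": "modify, base",
    "root2": "admin, modify, base, maintenance",
}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "->", findings or "ok")
```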
SA states
| State | Description |
|---|---|
| - | Undetermined |
| Larval | The SA is in the process of being negotiated or has not been completely negotiated. |
| Mature | The SA has been established and is available; the VPN tunnel has been correctly set up. |
| Dying | The SA will soon expire; a new SA is in the process of being negotiated. |
| Dead | The SA has expired and cannot be used; the tunnel has not been set up and is therefore no longer active. |
| Orphan | A problem has occurred; in general, this status means that the tunnel has been set up in only one direction. |