“Firewall administration” tab

Access to the firewall’s administration interface

Allow the 'admin' account to log in

The ‘admin’ account is the only account with all privileges. It can connect without using certificates.

This option has to be selected if you wish to keep this privileged access.

WARNING

This account is to be considered “dangerous”, in view of the extent of its configuration possibilities and the access privileges granted to it.

Listening port

This field represents the port on which you can access the administration interface (https, tcp/443 by default).

NOTE

You can create an additional listening port by clicking on .

WARNING

The object can only be a “TCP” object (not “UDP”).

Configure the SSL certificate of the service

Click on this link to modify the certificate presented by the firewall’s administration interface and authentication portal.

Enable protection from brute force attacks

A brute force attack consists of repeated attempts to connect to the firewall by testing all possible password combinations.

Selecting this option protects the firewall against such attacks and enables the configuration of the two fields that follow, which restrict connection attempts.

Number of authentication attempts allowed

Maximum number of connection attempts before the user is blocked (for example, after a login/password error or a case sensitivity error).

By default, the number of attempts allowed is limited to 3.

Freeze time (minutes)

Duration for which you will not be able to log on to the firewall once the number of failed attempts specified above has been reached.

The duration of the freeze may not exceed 60 minutes.

Access to firewall administration pages

Add a server

Select a server from the drop-down list of objects. This server will be treated as an Authorized administration host that will be able to log on to the administration interface. This object may be a host, host group, network or address range.

Delete

Select the line to be removed from the list and click on Delete.

Disclaimer for access to the administration interface

Warning file

A disclaimer (warning text) can be added to the login page for the firewall's web administration interface, which will then appear in a frame located above the login and password fields.

The file containing the text of the disclaimer can be loaded onto the firewall using the file selector.

For a better layout, the text can be in HTML but must not contain JavaScript.

Once the file has been saved on the firewall, its contents can be displayed using the button.

Deleting the warning file

This button allows you to delete the warning file loaded earlier on the firewall.
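
The warning file may be HTML but must not contain JavaScript. The Python check below is an added example, not part of the vendor documentation: it scans a disclaimer file for script elements, event handler attributes and javascript: URLs before the file is loaded onto the firewall. The names scan_disclaimer, DisclaimerScanner and URL_ATTRS and both sample texts are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# URL-valued attributes that could carry a javascript: scheme (assumed list).
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "data"}

# Constructed sample disclaimers, not taken from any real firewall.
CLEAN = """<h3>Restricted system</h3>
<p>Authorized administrators only. <b>All sessions are logged.</b></p>"""
TAINTED = """<p>Authorized use only.</p>
<img src="logo.png" onerror="x()">
<a href="jAvA&#115;cript:x()">policy</a>
<script>x()</script>"""


class DisclaimerScanner(HTMLParser):
    """Collects every construct in a disclaimer file that can run script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        if tag == "script":
            self.findings.append((line, "<script> element"))
        for name, value in attrs:
            # HTMLParser lower-cases names and decodes entities in values.
            if name.startswith("on"):
                self.findings.append((line, f"event handler attribute {name}"))
            elif name in URL_ATTRS and value:
                # Browsers ignore whitespace and control characters in the scheme.
                scheme = "".join(c for c in value if c > " ").lower()
                if scheme.startswith("javascript:"):
                    self.findings.append((line, f"javascript: URL in {name}"))


def scan_disclaimer(html_text):
    """Return a list of (line, reason); an empty list means no script was found."""
    scanner = DisclaimerScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for line, reason in scan_disclaimer(TAINTED):
        print(f"line {line}: {reason}")
```

This is a pre-upload check for the person preparing the file, not a sanitizer: a file with findings should be corrected by hand rather than loaded.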

Remote SSH access

Enable SSH access

SSH (Secure Shell) is a protocol that allows logging on to a remote host via a secure link. Data from host to host are encrypted. SSH also allows the execution of commands on a remote server.

Select this option if you wish to connect remotely and securely in console mode.

NOTE

By selecting this option, you will enable the configuration of the two fields below it.

Enable password access

The password in question is the password for the “admin” account, as it is the only account that is able to connect via SSH.

The “admin” user will need to enter it in order to access the firewall from a remote host.

You may also use a private/public key pair to authenticate.


Listening port

This field represents the port on which you will be able to access the administration interface (ssh tcp/22 by default).

NOTE

You can create an additional listening port by clicking on .

WARNING

The object can only be a “TCP” object (not “UDP”).