Firewall administration tab

Access to the firewall’s administration interface

Allow the 'admin' account to log in: The super administrator (‘admin’ account) is the only account with all privileges and can connect without using certificates.
This option has to be selected if you wish to keep this privileged access.

This account is to be considered “dangerous”, in view of the extent of its configuration possibilities and the access privileges granted to it.

Listening port: This field represents the port on which you can access the administration interface (https, tcp/443 by default).
You can create an additional listening port by clicking on .

The object can only be a “TCP” object (not “UDP”).

Configure the SSL certificate of the service: Click on this link to modify the certificate presented by the firewall’s administration interface and authentication portal.

Maximum idle timeout (for all administrators): Set the longest idle timeout allowed for all administrator accounts on the firewall before they are logged out. Only the super administrator can change this setting.
However, individual administrator accounts can set different maximum idle timeouts in their preferences as long as they are the same as or shorter than the maximum timeout configured by the super administrator.

Enable protection from brute force attacks: Brute force attacks are repeated attempts to connect to the firewall by testing all possible password combinations.
If this option is selected, you will prevent such attacks and enable the configuration of the two fields that follow, in order to restrict connection attempts.

Number of authentication attempts allowed: Maximum number of connection attempts before blocking the user (login/password error or case sensitivity, for example).
By default, the number of attempts allowed is limited to 3.

Freeze time (minutes): Duration for which you will not be able to log on to the firewall after the number of failed attempts specified above.
The duration of the freeze may not exceed 60 minutes.

Access to firewall administration pages

Add: Select a network object from the drop-down list. It will be treated as an Authorized administration host that will be able to log on to the administration interface. This object may be a host, host group, network or address range.

Delete: Select the line to be removed from the list and click on Delete.

Disclaimer for access to the administration interface

Warning file: A disclaimer (warning text) can be added to the login page of the firewall's web administration interface, and will appear on the right of the authentication window. Click on the "Got it" button to enable this authentication window.
The file containing the text of the disclaimer can be loaded onto the firewall using the file selector.
For a better layout, the text can be in HTML but must not contain JavaScript.
Once the file has been saved on the firewall, its contents can be displayed using the button.

Deleting the warning file: This button allows you to delete the warning file loaded earlier on the firewall.
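
The requirement above that the HTML disclaimer must not contain JavaScript can be checked before the file is loaded onto the firewall. The script below is an added example, not part of the product or its documentation: the names `DisclaimerAuditor` and `audit_disclaimer` and the sample inputs are constructed here, and it assumes that "JavaScript" covers script and embedding elements, `on*` event handler attributes and `javascript:` URLs.

```python
from html.parser import HTMLParser

# Attributes that can carry a URL; a "javascript:" scheme in any of them runs script.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "data"}
# Elements that execute or embed active content.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}

# Constructed sample inputs (not taken from any real firewall).
SAMPLE_CLEAN = ('<h2>Authorized use only</h2>\n'
                '<p>Access is <b>logged</b>. See the '
                '<a href="https://intranet.example/policy">policy</a>.</p>\n')
SAMPLE_BAD = ('<p>Notice</p>\n'
              '<img src="logo.png" onerror="x()">\n'
              '<a href=" JavaScript:void(0)">terms</a>\n'
              '<script>var a = 1;</script>\n')


class DisclaimerAuditor(HTMLParser):
    """Collects every construct in a disclaimer file that could execute script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lowercased, attribute values entity-decoded.
        line, _ = self.getpos()
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((line, f"event handler attribute {name}"))
            # Browsers ignore whitespace and control characters inside the scheme.
            scheme = "".join(c for c in (value or "") if c > " ").lower()
            if name in URL_ATTRS and scheme.startswith("javascript:"):
                self.findings.append((line, f"javascript: URL in {name}"))


def audit_disclaimer(html_text):
    """Return (line, reason) findings; an empty list means no script was found."""
    auditor = DisclaimerAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for label, text in (("clean", SAMPLE_CLEAN), ("bad", SAMPLE_BAD)):
        print(label, audit_disclaimer(text) or "no script found")
```

An empty result only means that none of the listed constructs were found in the file; it says nothing about how the firewall itself processes the disclaimer.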

Remote SSH access

Enable SSH access: SSH (Secure Shell) is a protocol that allows users to log in to a remote host via a secure link. Data is encrypted between hosts. SSH also allows commands to be executed on a remote server.
Select this option if you wish to connect remotely and securely in console mode.

By selecting this option, you will enable the configuration of the two fields below it.

Enable password access: The password in question corresponds to the password for the “admin” account, as it is the only account that is able to connect in SSH.
The “admin” will need to enter it in order to access the firewall via a remote host.
You may also use a private/public key pair to authenticate.

Listening port: This field represents the port on which you will be able to access the administration interface (ssh tcp/22 by default).
You can create an additional listening port by clicking on .

The object can only be a “TCP” object (not “UDP”).