IDENTIFICATION PORTAL

To strengthen security, connections to the authentication portal and to the web administration interface are only possible when certain options in the SSL protocol are enforced. SSL version v3 is disabled and the TLS versions are enabled, in compliance with the recommendations given by the French Network and Information Security Agency (ANSSI).

Connection

In order to configure your Stormshield Network firewall, you need to log onto the web administration interface.

Configuration of a firewall is only accessible to administrators of the product.
The “super admin” user or the administrator who holds all privileges can assign privileges to users and/or user groups in the menu System > Administrators.

Presentation

The connection module consists of two sections:

  • A static section
  • A collapsible section: Options

A third, optional panel appears when a Disclaimer for access to the administration interface has been configured on the firewall (see Configuration > Firewall administration tab).

The information required depends on whether it is the administrator’s first connection to the firewall.

ID: This field is reserved for users who have at least basic privileges.
Password: User’s password, which he will be asked to enter upon his initial connection.
For a default configuration, no passwords need to be entered (empty field).
Authentication with SSL certificate: If this option is selected, the fields Username and Password will no longer be necessary, and are therefore grayed out.
The following message will appear: “Using a certificate will allow you to authenticate automatically. Enable automatic authentication?”. Select Manual authentication or Automatic authentication.

REMARKS
The automatic connection option can be enabled automatically in the section Preferences > Connection settings > Connect automatically with an SSL certificate.

Log In: Clicking on this button or pressing “Enter” sends the connection information to the firewall.

WARNING
The Stormshield Network Firewall is case-sensitive and distinguishes uppercase and lowercase letters, both for the user name as well as for the password.

Options

Language: Language of the web administration interface.
When the user chooses a new language for the web interface, the authentication page will reload in the selected language.
Available languages are English, French, Polish, Hungarian and German.
Read only: Allows connecting in “read-only” mode.
You will then be able to connect to the firewall without modification privileges, using an account that ordinarily has such privileges. This lets the user refrain from using modification privileges when they are not necessary.

REMARKS

  • Options are contained in a cookie. Users therefore store their connection preferences on their browsers.
  • If the “read only” option has been enabled in a cookie during the connection to the authentication page, to avoid confusion, part of the options will be presented to the user as deployed options.

Error notifications

When a field is empty

If a user attempts to authenticate without having filled in the User or Password field, authentication will not begin and the message “This field should not be empty” will appear.

When “Caps lock” has been enabled

If this key has been enabled when the user enters his password, a warning icon will indicate that “Caps Lock has been enabled”.

Authentication failure

When authentication fails, the message “Authentication has failed” will appear in red.

REMARKS
Protection from brute force attacks:
When too many requests are sent with the wrong password, the following message will appear: “Protection of authentication from brute force attacks has been enabled. The next authentication attempt will be possible in <number of seconds>”.

When TOTP authentication has been enabled

When TOTP is enabled as the authentication method to access the web administration interface, once a valid administrator login (other than the admin super administrator account) and password pair is entered, a second window will appear, containing two fields:

  • In the first section, a message asks the administrator to enroll for TOTP through the enrollment page on the captive portal if it has not already been done.
  • A field in which the TOTP must be entered to fully validate the authentication of the administrator who enrolled for TOTP.
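
What the check behind the TOTP field typically amounts to, as an added example (not Stormshield's code and not part of this guide): a generic RFC 6238 verifier with a one-step clock-drift window that refuses a code it has already accepted. The 30-second period, 6 digits, HMAC-SHA1 and the `SecondFactor` name are assumptions; the page does not state the firewall's TOTP parameters.

```python
# Added example: generic RFC 6238 TOTP check, not the firewall's implementation.
import hashlib
import hmac
import struct

PERIOD, DIGITS = 30, 6   # assumed RFC 6238 defaults; not stated on the page


def totp(secret: bytes, counter: int) -> str:
    """Code for one time-step counter (RFC 4226 HOTP with HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class SecondFactor:
    """Hypothetical verifier for the second step of an administrator login."""

    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift = drift_steps     # tolerated clock drift, in time steps
        self.last_step = -1          # highest time step already accepted

    def verify(self, submitted: str, now: float) -> bool:
        step = int(now) // PERIOD
        for candidate in range(step - self.drift, step + self.drift + 1):
            if candidate <= self.last_step:
                continue             # this step's code was already used
            expected = totp(self.secret, candidate).encode()
            # Constant-time comparison of the expected and submitted codes.
            if hmac.compare_digest(expected, submitted.encode()):
                self.last_step = candidate
                return True
        return False


if __name__ == "__main__":
    key = b"12345678901234567890"    # RFC 6238 test secret, not a real key
    checker = SecondFactor(key)
    print(totp(key, 59 // PERIOD))                       # code for T=59
    print(checker.verify("287082", 59))                  # first use
    print(checker.verify("287082", 59))                  # replay of same code
```
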

The “admin” account, super administrator

By default, only one user has administration privileges on Stormshield Network products – the “admin” account (whose login is “admin”). This administrator holds all privileges and can perform certain operations such as the modification of a user’s authentication method, for example.

WARNING
The administrator account has the value “admin” as login and password by default.

REMARKS
Given the privileges assigned to the “admin” account, Stormshield Network recommends that you use this account only for tests or maintenance operations.
Only the “admin” user can assign administration privileges to other users.

Logging off

The procedure for logging off the firewall is as follows:

  1. In the drop-down menu with the name of the connected user (on the top right side of the interface), select Log off.
  2. Next, click on Quit to confirm.
    The administration interface will go back to the connection window.
    If you Cancel, the interface will return the user to the main screen, without any impact on how the program runs.