To strengthen security, connections to the authentication portal and to the web administration interface are possible only with certain SSL protocol options forced. SSL version 3 is disabled and the TLS versions are enabled, in compliance with the recommendations given by the French Network and Information Security Agency (ANSSI).
As these options are not supported in Internet Explorer versions 6, 7 and 8, you are advised to use a higher version of this browser. Nonetheless, this mode may be disabled via command line in the CLI (CONFIG AUTH HTTPS sslparanoiac=0 / CONFIG AUTH ACTIVATE).
In order to configure your Stormshield Network firewall, you need to log onto the web administration interface.
Configuration of a firewall is only accessible to administrators of the product.
The “super admin” user or the administrator who holds all privileges can assign privileges to users and/or user groups in the menu System > Administrators.
The connection module consists of two sections:
- A static section
- A collapsible section: Options
A third, optional panel appears when a Disclaimer for access to the administration interface has been configured on the firewall (see Configuration > Firewall administration tab).
The information required depends on whether it is the administrator’s first connection to the firewall.
|ID||This field is reserved for users who have at least basic privileges.|
|Password||User’s password, which he will be asked to enter upon his initial connection. For a default configuration, no passwords need to be entered (empty field).|
|Authentication with SSL certificate||If this option is selected, the fields Username and Password will no longer be necessary, and are therefore grayed out. The following message will appear: “Using a certificate will allow you to authenticate automatically. Enable automatic authentication?”. Select Manual authentication or Automatic authentication.|
|Log In||Clicking on this button or pressing “Enter” will allow sending connection information to the firewall.|
The Stormshield Network Firewall is case-sensitive and distinguishes uppercase and lowercase letters, both for the user name as well as for the password.
|Language||Language of the web administration interface. When the user chooses a new language for the web interface, the authentication page will reload in the selected language. Available languages are English, French, Polish, Hungarian and German.|
|Read only||Allows connecting in “read-only” mode. You will then be able to connect to the firewall without modification privileges using an account that ordinarily has such privileges. This allows the user to refrain from using modification privileges if they are not necessary.|
- Options are contained in a cookie. Users therefore store their connection preferences on their browsers.
- If the “read only” option has been enabled in a cookie during the connection to the authentication page, to avoid confusion, part of the options will be presented to the user as deployed options.
When a field is empty
If a user attempts to authenticate without having entered the User or Password field, authentication will not begin and the message “This field should not be empty” will appear.
When “Caps lock” has been enabled
If this button has been enabled when the user enters his password, a warning icon will indicate that “Caps Lock has been enabled”.
When authentication fails, the message “Authentication has failed” will appear in red.
Protection from brute force attacks:
When too many requests are sent with the wrong password, the following message will appear: “Protection of authentication from brute force attacks has been enabled. The next authentication attempt will be possible in <number of seconds>”.
When TOTP authentication has been enabled
When TOTP authentication is enabled for access to the web administration interface, once the right administrator login and password are entered, a second window will appear, containing either one or two fields, depending on whether the administrator has already completed TOTP enrollment:
- If the administrator has not yet completed TOTP enrollment, a first section will appear. This section contains a message asking the administrator to enroll, and a link to TOTP enrollment via the captive portal.
If the administrator has already completed TOTP enrollment, this section will not appear.
- A field in which the TOTP must be entered to fully validate the administrator's authentication on the web administration interface via TOTP.
The “admin” account, super administrator
By default, only one user has administration privileges on Stormshield Network products – the “admin” account (whose login is “admin”). This administrator holds all privileges and can perform certain operations such as the modification of a user’s authentication method, for example.
The administrator account has the value “admin” as login and password by default.
Given the privileges assigned to the “admin” account, Stormshield Network recommends that you use this account only for tests or maintenance operations.
Only the “admin” user can assign administration privileges to other users.
The procedure for logging off the firewall is as follows:
- In the drop-down menu with the name of the connected user (on the top right side of the interface), select Log off.
- Next, click on Quit to confirm.
The administration interface will go back to the connection window.
If you Cancel, the interface will return the user to the main screen, without any impact on how the program runs.