Legacy product: The WF1740 described here is an old product and no longer supplied. Please see details of current FireBrick products.

FireBrick 105 User security model

Overall model

There are security levels 1, 2, 3, 4, 5, 6, 7, 8. These are not levels as such, i.e. 8 is not better than 1; they are just 8 different settings.

Each of the settings in the FireBrick has a level defined. It is in the setup for each filter, mapping, route, etc.

Each user has 8 check boxes, one for each level, defining the view settings. When logged in as a user, you can only view settings on the levels which you have ticked. If you have all 8 levels ticked you can view anything.

Each user also has 8 check boxes, one for each level, defining the edit settings. If you can view a setting, you can access the setting page for it, but you can only save changes to that setting if it is on a security level where you have edit selected. If you have all 8 levels ticked then you can change anything.

There are also security settings for the top level menus. These also define the default setting applied when you erase something. They also define whether you can see the icon and list of items. E.g. if filters are set for level 1, then you can only see the filters icon if you have level 1 view rights ticked.

Changing security levels

You can change the security level of anything which you have edit rights to. If you change it to a level for which you do not have edit rights then you will not be able to change it back. If you change it to a level for which you do not have view rights, then you will not even be able to see it.

Changing your view/edit rights

You can edit any user's view and edit rights if you have edit rights for the security level for that user, i.e. users have a security level just like any other settings. However, you cannot give or take away any rights for any user which you do not yourself have. You do not see the check boxes for those levels when you edit that user. This applies to your own settings too. So, if you remove your own rights you cannot give them back to yourself!

Nobody user

The nobody user is a special user: it defines the rights that apply when not logged in. These can be as comprehensive as any other user. You can even make a brick allow complete view and edit of all 8 levels without logging in, if you want to, though this is not recommended.

Initially the nobody user can view and edit level 1, which allows it to set a password for the admin user. You can then log in as the admin user which gives full view and edit rights for all 8 levels. It is recommended that you always have at least one user with all rights. If not, you can never get those rights back as there is no login that will be able to tick them in the user settings.
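
The rules above for view/edit rights, for changing another user's rights, and for keeping at least one user with all rights can be modelled as follows. This is an added illustration, not FireBrick code: the names User, can_save, change_rights and unrecoverable are hypothetical, the sample users are constructed, and it assumes that saving needs both view and edit on the setting's level and that a view or edit check box is shown only for levels where the editing user holds that same right.

```python
# Added illustration of the model on this page; not FireBrick code.
# All names here are hypothetical, and the sample users are constructed.
from dataclasses import dataclass, field

LEVELS = frozenset(range(1, 9))  # 8 independent labels, not a ranking


@dataclass
class User:
    name: str
    level: int                       # security level of this user entry
    view: set = field(default_factory=set)
    edit: set = field(default_factory=set)


def can_save(user, level):
    # Assumption: saving needs the page to be reachable (view) plus edit.
    return level in user.view and level in user.edit


def change_rights(actor, target, want_view, want_edit):
    """Apply a rights change the way the hidden check boxes constrain it."""
    if not can_save(actor, target.level):
        raise PermissionError(f"{actor.name} cannot edit user {target.name}")
    # Snapshot first: actor and target may be the same user.
    a_view, a_edit = set(actor.view), set(actor.edit)
    # Levels the actor lacks stay untouched; levels the actor holds follow the form.
    target.view = (target.view - a_view) | (set(want_view) & a_view)
    target.edit = (target.edit - a_edit) | (set(want_edit) & a_edit)


def unrecoverable(users):
    """Levels whose view or edit right no user (nobody included) holds."""
    held_view = set().union(*(u.view for u in users))
    held_edit = set().union(*(u.edit for u in users))
    return sorted(LEVELS - held_view), sorted(LEVELS - held_edit)


def demo():
    op = User("operator", level=2, view={1, 2, 3}, edit={2})
    change_rights(op, op, LEVELS, LEVELS)      # tries to tick everything
    escalated = (set(op.view), set(op.edit))   # nothing new was granted
    change_rights(op, op, op.view, set())      # drops own edit right
    try:
        change_rights(op, op, op.view, {2})    # cannot tick it back
        restored = True
    except PermissionError:
        restored = False
    nobody = User("nobody", level=1, view={1}, edit={1})
    return escalated, restored, unrecoverable([op, nobody])
```

Running unrecoverable over the full user list before saving a rights change shows which levels would be left with no login able to tick them again.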

Special settings

There are settings for upgrade and config in the setup menu under security. These specifically relate to loading new software, and to loading or saving the config. This means you could make a user that, for example, can save the config or load new software and nothing else. This may be useful for some remote script that regularly archives the config, and updates bricks with new releases.

Settings for top level (icons)

For each top level setting there is a security level under settings/security. This controls if the top level icon (e.g. filters) is visible.

However, it is possible for a user to have view or edit rights to an individual setting and not have the top level ability to list the settings. This can be useful, for example, for manually controlled profiles. If a user has rights to change one, then it will appear in the main login page as a check box, but the profiles icon itself, which allows listing of profiles, will not be offered. You can even time control when this is visible.