Administrative accounts specify
roles and
authentication methods for firewall administrators. The service
that you use to assign roles and perform authentication determines
whether you add the accounts on the firewall, on an external server,
or both (see
Administrative
Authentication). If the authentication method relies on a
local firewall database or an external service, you must configure
an authentication profile before adding an administrative account
(see
Configure
Administrative Accounts and Authentication). If you already
configured the authentication profile or you will use
Local
Authentication without a firewall database, perform the following
steps to add an administrative account on the firewall.
Create a separate administrative account
for each person who needs access to the administrative or reporting
functions of the firewall. This enables you to better protect the
firewall from unauthorized configuration and enables logging of
the actions of individual administrators.
Make sure you are following
the
Best
Practices for Securing Administrative Access to ensure that
you are securing administrative access to your firewalls and other
security devices in a way that prevents successful attacks.