Defining vGW Series Administrators Using the Settings Module

Different categories of IT staff members may need to access the vGW Security Design VM interface for various purposes. For example, network engineers can make use of network statistics and security engineers can deploy policies. The vGW Series has a number of different user types built in to accommodate these requirements.

To create administrator accounts, you use the Settings module vGW Application Settings section, and select Administrators. You specify the user name, type, permissions, and authentication.

Based on the type of user logged into the system, different menus are displayed in this screen. When Global Admin users are logged in, they can add new users. Other users are simply presented with a Change My Password dialog box, in which they can enter in a new password for themselves when they attempt to add a new administrator. Various privilege levels are described in Table 15.

Table 15: vGW Series Administrators

Global Admin

Administrator with the highest level of system privileges, including the ability to create additional administrators. The global administrator can perform all operations in the product, including firewall installations and AntiVirus configurations. For example, he can select port groups and VMs for insertion and removal from a secured network.

VM Admin

Administrators who are allowed to have Modify policy and Settings permissions. This setting allows the administrator to change firewall security policies, including IDS, configure AntiVirus, and configure VM Introspection Compliance.

They can configure mirroring of inter-vm traffic, which is the ability to configure rules with external inspection devices.

Additionally, you can grant VM Admins the Install Firewall Policy privilege. This allows them to distribute a policy after it has been changed and saved by an administrator who has the privilege to modify security policies.

Network Monitoring

Administrators who can see all network related screens (for example, statistics and graphs), all tabs of the Main module, including Status and Events and Alerts, and Logs. These administrators cannot modify any Settings screens, but they can view IDS Alerts, if IDS is configured, view AntiVirus scans, and they can view but not modify VM Introspection and Compliance results.

Related Documentation