Adding an Administrator

[ttpm123]

Let me start by saying I'm a newbie at security and CP in particular. I have inherited several firewalls. No support contract and no training.

I am trying to add an new admin so he can use SmartDashboard. I was added as an admin by our former security admin under R55. It was upgraded to R60 prior to his moving on.

Under R55, he ran cpconfig, added me as an admin (login, pwd), added my login to /etc/ssh/securid_users, ran useradd, added my login to passwd and groups and made a directory for my login.

I did this for the new guy and then ran cpconfig and saw I cannot add an admin this way under R60 - I should use SmartDashboard. Seems straightforward but I have a question:

1. I can only use SmartDashboard myself while VPN'd with a SC static NAT. A rule allows me to connect to our VPN FW with this and then I can login to either of our management servers. If I define admin access in SmartDashboard for the new guy from 'any' do I need to also setup a static NAT for him?

I'm confused by this so I apologize if my question is a bit fuzzy.

[gavvys]

Hi
Why you are getting so much confused.
Adding a administrator is not a big thing.
From CPCONFIG you can add only one administrator but if you want to add another admin then you have to add that in SmartDashboard.Just right click on administrator and click new and you can give him read/write rights also.

I hope this will help you.
If you have any query let me know.
Regards
Ranjit

[ttpm123]

OK, beneath 'Administrator' is an object 'cpconfig_administrators'. In 'cpconfig_administrators' are myself and boss (who has been out of STD for months). When I right-click 'Administrator' and choose New Administrator, add name and permissions and go to the next tab, a pop-up says 'name already used'. This is the name of the 3rd admin I WANT to add. Where would he be defined elsewhere? He does not have admin priv - login fails.

I am assuming it's from the files I added him to under the mistaken R55 process. But it is odd that the FW would read those files, see his credentials and not allow access. Seems it should not recognize the additional entry at all.

[Thorpuse]

There's probably a legacy cpconfig administrator from before you performed your upgrade. Run cpconfig from command prompt and list the administrators there. Delete all that are not required, and re-create them in the Dashboard.