Professional Documents
Culture Documents
Enhanced? (SW6169)
Title
Gen5: NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 240
Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060,PRO 3060, PRO 2040, PRO 1260
TZ series: TZ 190, TZ 190 Wireless, TZ 210, TZ 210 W.
Affected Firmware versions:All Gen5 and Gen4 firmware versions (SonicOS Enhanced 4.0 and
above)
Affected Services: User Management (Multiple SonicWALLAdministrator Accounts)
Overview / Scenario:
SonicOS Enhanced release 4.0 introduced support for multiple concurrent administrators. This
feature allows for multiple users to log-in with full administrator privileges. In addition to using the
default admin user name, additional administrator usernames can be created.
Because of the potential for conflicts caused by multiple administrators making configuration
changes at the same time, only one administrator is allowed to make configuration changes. The
additional administrators are given full access to the GUI, but they cannot make configuration
changes.
Please Note: Administrators with full configuration privilege can also log in using the Command Line
Interface (CLI).
Procedure:
1:
2:
3:
4:
While logged in as admin, navigate to the Users > Local Users page.
Click the Add User button.
Enter a Name and Password for the user.
Click on the Group Membership tab.
Step 5: Select the appropriate group to give the user Administrator privileges:
Limited Administrators - The user has limited administrator configuration privileges.
SonicWALL Administrators - The user has full administrator configuration privileges.
SonicWALL Read-Only Admins - The user can view the entire management interface, but
cannot make any changes to the configuration.
Step 6: Click the right arrow button and click OK.
Step 7: To configure the multiple administrator feature such that administrators are logged out
when they are preempted, navigate to the System > Administration page.
Step 8: Select the Log out radio button for the On preemption by another administrator option
and click Accept.
Preempting Administrators
When an administrator attempts to log in while another administrator is logged in, the following
message is displayed. The message displays the current administrators user name, IP address, phone
number (if it can be retrieved from LDAP), and whether the administrator is logged in using the GUI
or CLI.
When logging in as a user with administrator rights (that is not the admin user), the User Login
Status popup window is displayed.
If you want some user accounts to be administrative only, while other users need to log in for
privileged access through the appliance, but also with the ability to administer it (that is, some go
straight to the management interface on login, while others get the User Login Status popup window
with a Manage button), this can be achieved as follows:
Step 1 Create a local group with the Members go straight to the management UI on web login
checkbox selected.
Step 2 Add the group to the relevant administrative group, but do not select this checkbox in the
administrative group.
Step 3 Add those user accounts that are to be administrative-only to the new user group. The User
Login Status popup window is disabled for these users.
Step 4 Add the user accounts that are to have privileged and administrative access directly to the
top-level administrative group.
Viewing Multiple Administrator Related Log Messages
Log messages are generated for the following events:
A GUI or CLI user begins configuration mode (including when an admin logs in).
A GUI or CLI user ends configuration mode (including when an admin logs out).
A GUI user begins management in non-config mode (including when an admin logs in and when a
user in configuration mode is preempted and dropped back to read-only mode).
A GUI user begins management in read-only mode.
A GUI user terminates either of the above management sessions (including when an admin logs
out).
See Also:
UTM: How Does Multiple Administrators Support Work in SonicOS Enhanced?
(https://support.software.dell.com/KBArticleImages/sonicwallkb/ext/kbdetail.aspx?kbid=6178)
(https://support.software.dell.com/KBArticleImages/sonicwallkb/csr/csr/kbdetail.asp?kbid=6169)
UTM: How to Configure Additional Administrators Locally when Using LDAP or RADIUS in SonicOS
Enhanced? (https://support.software.dell.com/KBArticleImages/sonicwallkb/ext/kbdetail.aspx?
kbid=6179)
UTM: How toswith from non-configmode to full configuration mode while access SonicWALL
Management Interfacein SonicOS Enhanced?
(https://support.software.dell.com/KBArticleImages/sonicwallkb/ext/kbdetail.aspx?kbid=6170)
Source: SonicOS Enhanced 5.0 Multiple Administrators Feature Module