Manage requestors

Relevant for: Administrators

This topic describes how to manage FireFlow requestors.

FireFlow requestors can be managed by FireFlow administrators from the FireFlow Configuration area and the requestors database, and by AFA administrators from the AFA Administration area. Requestors can also be created in LDAP.

Manage Requester Object Views: Watch to learn how to prevent requestors from seeing the list of suggested firewall objects.

Manage requestors from AFA

AFA administrators who are not FireFlow administrators can manage requestors via the AFA Web Interface. The procedure begins in AFA and you are transferred to FireFlow.

Do the following:

  1. In the AFA Administration area, click the Users / Roles tab.

    The User and Role Management page appears.

  2. Click Manage FireFlow requestors.

    The Select a user page appears, displaying the Requestors tab.

  3. Click + New.

    The Create Requestor dialog is displayed.

  4. Complete the fields as needed. For details, see Requestor field reference.

  5. Click OK.

Perform any of the following additional requestor management procedures, as needed:

Back to top

Manage requestors from FireFlow

This procedure describes how to manage requestor users from the FireFlow administration area.

Do the following:

  1. Log in to FireFlow for configuration purposes. For details, see Log in for configuration purposes.
  2. In the main menu, click Configuration.

    The FireFlow Configuration page appears.

  3. Click Users.

    The Select a user page appears, displaying the Requestors tab.

  4. Click + New.

    The Create Requestor dialog is displayed.

  5. Complete the fields as needed. For details, see Requestor field reference.

  6. Click OK.

Back to top

Requestor field reference

The following fields are available in either the AFAAdministration area or the FireFlowConfiguration area.

General fields

Username

Type the requestor's username.

Usernames can contain any alpha-numeric character and the following special characters: "@", "_", ".", or "-".

This field is required.

Email

Type the requestor's email address.

Full Name

Type the requestor's full name.

Language

Select the desired FireFlow interface language.

All fields will be displayed in the selected language.

Extra info

Type additional information about the requestor.

Enabled

Select this option to enable the requestor to access the Requestors Web Interface.

Access Control fields

Authentication

Select the type of authentication to use for this requestor:

  • Local: Authenticate the requestor against the local AFA user database.
  • Radius: Authenticate the requestor against a RADIUS server.
  • LDAP: Select this option to enable requestor authentication against an LDAP server.

New Password

Type a password for the requestor.

Passwords can contain any alpha-numeric character or any special character, excluding back ticks (`).

Retype Password

Re-type the same password you entered in the New Password field.

Location fields

Organization

Type the name of the requestor's organization.

Address 1

Type the requestor's primary mailing address.

Address 2

Type the requestor's secondary mailing address.

City

Type the requestor's city.

State

Type the requestor's state.

Zip

Type the requestor's zip code.

Country

Type the requestor's country.

Phone number fields

Home

Type the requestor's home telephone number.

Work

Type the requestor's work telephone number.

Mobile

Type the requestor's mobile telephone number.

Pager

Type the requestor's pager number.

Comment fields

Enter any additional comments about this requestor user.

Additional fields

If custom user fields are defined, this area displays the fields.

Complete the fields with the required information.

Back to top

Manage FireFlow requestors from the requestor database

FireFlow provides a requestor management tool that enables you to add new requestors and edit existing requestors directly in the Requestor Database. The tool uses a REST API to access the Requestor Database. This same tool can be used to export a list of requestors.

Tip: FireFlow administrators can also export the current data into a CSV file. For details, see Exporting the Requestors Database.

Do the following:

  1. Create a CSV file with which to update the Requestor Database.

    For each requestor, the file should include the fields specified in CSV File Fields (see CSV File Fields).

    Note: The fields are case-sensitive.

    Note: You can save the file anywhere on the server.

  2. Open a terminal, and log in using the username "root" and the related password.

  3. Enter the following command:

    /usr/share/fireflow/local/extras/update_requestors.pl  {-fCSVFile -uUsername-pPassword  [-t Timeout] [-sServerURL] | -iParametersFile}

    For information on the command's flags, see Requestor Database Script Flags (see Requestor Database Script Flags).

Back to top

Manage FireFlow requestors from LDAP

This procedure describes how to manage FireFlow requestor users from LDAP. Only users who are not defined in AlgoSec Firewall Analyzer can be considered requestors by FireFlow.

Do the following:

  1. In AlgoSec Firewall Analyzer, go to the Administration page.
  2. Click the Options tab, then click the Authentication tab.
  3. Select LDAP as the Authentication Server.
  4. In the Permitted Users area, add the DN of the users in the Users Under Base DN field.

The LDAP field MemberOf associates the user with an AlgoSec Firewall Analyzer role. Any user for which the LDAP field MemberOf is empty is automatically considered a requestor by FireFlow.

Back to top