-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Access rights for administrators
07/12/2023 
239 People found this article helpful
495,311 Views
Description
What are the access rights available for the different administrator and which zone(s) can they login from?
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
SonicWall appliance provides a default build-in administrator account (Username: admin; Password: password ). When logging in the firewall with this default account and navigate to Device | Users | Local Users & Groups page, you can see another four administrators groups (SonicWall Administrators, Limited Administrators, SonicWall Read-Only Admins and Guest Administrators).
These five administrators can be classified into four configuration modes (Full Admin, Read-only Admin, Limited Admin, Guest Admin).
- Build-in Administrator : Full admin
- SonicWall Administrator: Full admin
- Limited Administrator: Limited Admin
- SonicWall Read-Only Admin: Read-Only Admin
- Guest Administrators: Guest Admin (Guest management only)
Which zone(s) can these administrators access from?
| Zone | Full admin | Limited Admin | Read-Only Admin | Guest Admin |
| WAN | X | X | X | |
| LAN | X | X | X | X |
| DMZ | X | X | X | X |
| WLAN | X | X | X | X |
| VPN | X | X | X | X |
| SSLVPN | X | X | X | X |
What are the access rights available for the different administrator?
| Function | Full Admin in config mode | Full Admin in non-config mode | Read-only Admin | Limited Admin | Guest Admin |
| Import certificates | X | ||||
| Generate certificate sign- ing requests | X | ||||
| Export certificates | X | ||||
| Export appliance settings | X | X | X | ||
| Download TSR | X | X | X | ||
| Use other diagnostics | X | X | X | ||
| Configure network | X | X | |||
| Flush ARP cache | X | X | X | ||
| Setup DHCP Server | X | ||||
| Renegotiate VPN tunnels | X | X | |||
| Log users off | X | X | X guest users only | X guest users only | |
| Unlock locked-out users | X | X | |||
| Clear log | X | X | X | ||
| Filter logs | X | X | X | X | |
| Export log | X | X | X | X | |
| Email log | X | X | X | ||
| Configure log categories | X | X | X | ||
| Configure log settings | X | X | |||
| Generate log reports | X | X | X | ||
| Browse the full UI | X | X | X | ||
| Generate log reports | X | X | X | ||
| Using CLI | X | X |
NOTE: This table does not include all functions available to limited administrators,Guest admin can only browse and manage guest related functions.
TIP: Non-configuration mode can be entered when another administrator is already in configuration mode and the new administrator chooses not to preempt the existing administrator.
Priority for preempting administrators?
- The build-in admin and SonicWall global management system (GMS) both have the highest priority and can preempt any users.
- A user that is a member of the SonicWall administrators (Full admin) can preempt any users except for the build-in admin and SonicWall GMS.
- A user that is a member of the Limited Administrators can only preempt other members of the Limited Administrators group
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
SonicWall appliance provides a default build-in administrator account (Username: admin; Password: password ). When logging in the firewall with this default account and navigate to Manage | Users | Local Users & Groups page, you can see another four administrators groups (SonicWall Administrators, Limited Administrators, SonicWall Read-Only Admins and Guest Administrators).
These five administrators can be classified into four configuration modes (Full Admin, Read-only Admin, Limited Admin, Guest Admin).
- Build-in Administrator : Full admin
- SonicWall Administrator: Full admin
- Limited Administrator: Limited Admin
- SonicWall Read-Only Admin: Read-Only Admin
- Guest Administrators: Guest Admin (Guest management only)
Which zone(s) can these administrators access from?
| Zone | Full admin | Limited Admin | Read-Only Admin | Guest Admin |
| WAN | X | X | X | |
| LAN | X | X | X | X |
| DMZ | X | X | X | X |
| WLAN | X | X | X | X |
| VPN | X | X | X | X |
| SSLVPN | X | X | X | X |
What are the access rights available for the different administrator?
| Function | Full Admin in config mode | Full Admin in non-config mode | Read-only Admin | Limited Admin | Guest Admin |
| Import certificates | X | ||||
| Generate certificate sign- ing requests | X | ||||
| Export certificates | X | ||||
| Export appliance settings | X | X | X | ||
| Download TSR | X | X | X | ||
| Use other diagnostics | X | X | X | ||
| Configure network | X | X | |||
| Flush ARP cache | X | X | X | ||
| Setup DHCP Server | X | ||||
| Renegotiate VPN tunnels | X | X | |||
| Log users off | X | X | X guest users only | X guest users only | |
| Unlock locked-out users | X | X | |||
| Clear log | X | X | X | ||
| Filter logs | X | X | X | X | |
| Export log | X | X | X | X | |
| Email log | X | X | X | ||
| Configure log categories | X | X | X | ||
| Configure log settings | X | X | |||
| Generate log reports | X | X | X | ||
| Browse the full UI | X | X | X | ||
| Generate log reports | X | X | X | ||
| Using CLI | X | X |
NOTE: This table does not include all functions available to limited administrators,Guest admin can only browse and manage guest related functions.
TIP: Non-configuration mode can be entered when another administrator is already in configuration mode and the new administrator chooses not to preempt the existing administrator.
Priority for preempting administrators?
- The build-in admin and SonicWall global management system (GMS) both have the highest priority and can preempt any users.
- A user that is a member of the SonicWall administrators (Full admin) can preempt any users except for the build-in admin and SonicWall GMS.
- A user that is a member of the Limited Administrators can only preempt other members of the Limited Administrators group
Related Articles
- How to Block Google QUIC Protocol on SonicOSX 7.0?
- How to block certain Keywords on SonicOSX 7.0?
- How internal Interfaces can obtain Global IPv6 Addresses using DHCPv6 Prefix Delegation
Categories
- Firewalls > NSa Series > Firewall Management
- Firewalls > TZ Series > Firewall Management UI
- Firewalls > NSv Series > Firewall Management
YES
NO