8. Create the local Realm and import the userlist into it:
sg#(config) security local create-realm localsgrealm
sg#(config) security local edit-realm localsgrealm
sg#(config local localsgrealm) local-user-list mysgusers
sg#(config local localsgrealm) exit
9. You have finished the CLI portion of setting up the local realm. Exit the CLI completely.
10. Log in to the SG Management Console as the admin user and confirm that the local realm is there. Go to:
Configuration > Authentication > Local
Local Realms should list the local realm created through the CLI: localsgrealm
11. Confirm the user list was imported into the realm by clicking on the Local Main tab.
12. Create two rules, one for each group, by going into the Visual Policy Manager:
Configuration > Policy > Visual Policy Manager
And add a new Admin Access Layer:
Right click on Source > Select Set > New > Group…
Enter the name of the administrators group (sgadmins)
Then press OK.
Note: you will not be able to browse the realm to choose a group. The name of the group has to be entered manually and has to match one of the groups created through the CLI in the previous steps.
13. Tell the rule what level of access that group will have:
Right click on the Action column and select
“Allow Read/Write Access”
14. Repeat the same process for the sgtechs group. For this example, this group will have Read-only access.
Now the Admin Access Layer should look like this:
15. Next add a new Admin Authentication Layer.
16. If you want to limit access to the Proxy SG Management Console to a specific IP address, subnet or hostname:
Right click on Source > Set > New
IP Address: 10.78.1.130 (example only)
Subnet mask: 255.255.255.255 (example only)
Close > OK
17. Next, require authentication to the local realm created through the CLI:
Right click on Action > Set > New > Authenticate
The realm created through the CLI should be available from the pulldown list.
OK > OK
18. The Authentication Layer should look like this now:
19. Click on Install Policy. It should install successfully with no warnings.
20. Test the setup:
Log out of the Management Console and log in again. At the pop-up login prompt, enter one of the tech logins to test the read-only access.
To confirm this user only has read access, try making a change to any of the proxy settings, for example:
Configuration > General > Identification
Change the Appliance name to something else – notice the Apply button is grayed out and cannot be used:
Log out and log in as one of the admin users and repeat the test. The Apply button should be available now.
Note: in SGOS v4.x the local realm attributes (Read/Write or Read-only) work for both HTTP and HTTPS console access alike. SGOS v5.x and later allows further control by letting you specify groups/users for a specific console access type: HTTP or HTTPS.
Imported Document ID: 000008708