Managing Firewall with a Team
The Sharing function of Zenconsole enables collaborative management of your firewall by several users working together.
Zenconsole provides role-based, granular firewall management access restrictions. This not only enables the sharing of various firewalls with certain clients but also enables the assignment of rights for specific roles based on the individual's demands and degree of authorization.
Through Role-based Firewall Sharing, different customer employees (or partners) are delegated the ability to create policies and rulesets, schedule reports, and manage firewall instances without having to request permissions or ask for the changes to be made, resulting in significant operational cost savings for the MSP.
Figure 1. Zenconsole - Sharing Firewall with a Team
To configure Sharing features, you may follow the steps given below:
- Select your firewall to share on Zenconsole.
- Go to the Settings menu on the left-hand sidebar.
- Click the Sharing menu.
You can only share a node if you're the owner of it and if you have Premium subscriptions.
For more information, please refer to plans & pricing.
You can also easily share firewall groups with your team by creating a project on Zenconsole. You may add a project for each branch location or office if you are a business, or a managed service provider can create a project for each of their clients. Both Role-based Firewall Sharing and Project Sharing features result in significant operational cost savings for MSPs and MSSPs.
Zenarmor Firewall Delegation
Zenconsole provides a powerful delegation feature. As the owner of the firewall, you can delegate administration of the firewall to team members. There are four types of roles in Zenconsole:
1. Owner: This is the user who has created the firewall or whose Zenconsole account was used to register the firewall to the Zenconsole. The Owner has all rights on the node to manage and configure, like configuring packet engine status, changing firewall settings, and policy management. This user is the only one authorized to remove the firewall from Zenconsole.
2. Admin: This is one of the users who you shared your firewall with. This user has the highest level of firewall privileges. Admin has the same firewall access privileges as the Owner except for firewall deletion from Zenconsole. This user can perform all tasks required for:
- Engine management (start/stop engine, enter/exit bypass mode),
- Policy management (add/delete/clone/configure a policy),
- Firewall configuration (Setting name/location/tag for node, configuring reporting database and deployment mode, changing privacy settings, setting DNS enrichment for reports, exempting VLANs/Networks, enabling/disabling health check and block notification page, sharing node, managing subscriptions and API keys), and
- Advanced reporting (Viewing, customizing report views and live sessions explorer).
3. Operator: This is one of the users who you shared your firewall with. Operators can configure the firewall and manage Zenarmor policies. The operator has the same firewall access privileges as the Admin except for firewall sharing.
4. Viewer: This is one of the users who you shared your firewall with. This user can view configurations, reports, and live sessions. Viewer does not have rights on the following tasks:
- Deleting or sharing the node
- Adding the node to a project
- Managing Policies of the node
- Changing Settings of the node
- Changing the Status of the packet engine (start/stop the engine and enter/exit bypass mode)
Roles\Privileges | Add/Delete FW | Configure Engine Status | Configure FW Settings | Policy Management | Reports/Live Session Explorer |
---|---|---|---|---|---|
Owner | YES | YES | YES | YES | YES |
Admin | - | YES | YES | YES | YES |
Operator | - | - | YES (except Sharing) | YES | YES |
Viewer | - | - | - | - | YES |
Table 1. Roles and Privileges on Zenconsole
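The least-privilege review that Table 1 supports, as an added example (not Zenconsole code and not a Zenconsole API): it picks the lowest role that covers each person's tasks and flags shares that grant more or less than that. The privilege names, the separate `share` privilege, and the sample share list are constructed assumptions; the matrix itself follows Table 1.

```python
# Privileges per role, transcribed from Table 1. "share" is split out of
# "fw_settings" because Operators get firewall settings "except Sharing".
ROLE_PRIVS = {
    "Viewer":   {"reports"},
    "Operator": {"reports", "policy", "fw_settings"},
    "Admin":    {"reports", "policy", "fw_settings", "share", "engine_status"},
    "Owner":    {"reports", "policy", "fw_settings", "share", "engine_status",
                 "add_delete_fw"},
}
ORDER = list(ROLE_PRIVS)  # least to most privileged; each role contains the previous


def minimal_role(needs):
    """Return the least-privileged role whose privileges cover `needs`."""
    needs = set(needs)
    unknown = needs - ROLE_PRIVS["Owner"]
    if unknown:
        raise ValueError(f"unknown privilege(s): {sorted(unknown)}")
    return next(role for role in ORDER if needs <= ROLE_PRIVS[role])


def audit(shares):
    """Compare each assigned role with the minimal one and report mismatches."""
    findings = []
    for s in shares:
        best = minimal_role(s["needs"])
        gap = ORDER.index(s["role"]) - ORDER.index(best)
        if gap > 0:  # role grants more than the person's tasks require
            excess = sorted(ROLE_PRIVS[s["role"]] - ROLE_PRIVS[best])
            findings.append((s["email"], "over-privileged", best, excess))
        elif gap < 0:  # role cannot perform a required task
            missing = sorted(set(s["needs"]) - ROLE_PRIVS[s["role"]])
            findings.append((s["email"], "under-privileged", best, missing))
    return findings


# Constructed sample: who the firewall is shared with and what each person does.
SHARES = [
    {"email": "noc@example.com",    "role": "Admin",    "needs": {"reports"}},
    {"email": "policy@example.com", "role": "Operator", "needs": {"policy", "reports"}},
    {"email": "oncall@example.com", "role": "Operator", "needs": {"engine_status"}},
]

if __name__ == "__main__":
    for finding in audit(SHARES):
        print(finding)
```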
Figure 2. Zenconsole - Invite People
Sharing Zenarmor Firewall
To share your Zenarmor next-generation firewall, you may follow the steps given below:
- Click +Add User.
- On the pop-up window, type the email address of the invited person. Beware that the invited user must have an active Zenconsole account with this email address.
- Select the role, such as Owner, Admin, Operator, or Viewer.
- By default, the Notify user via email option is enabled. You may disable it by switching off the toggle.
- Click Send Invite.
You can see on the Sharing page who has access to this firewall.
Projects are also listed on the Sharing page. If your node belongs to a project, you can find the people it is shared with on this project. You can manage these users from the Projects settings.
Changing Role
Zenconsole allows you to change the role of the user who you shared your firewall with. To change a user's role, you may follow the steps below:
- Click the ... (3-dot) icon next to the user. This will open a drop-down menu.
Figure 3. Zenconsole - Change Role - Remove User
- Click Change role. This will pop up a window.
- Select the role, such as Owner, Admin, Operator, or Viewer.
Figure 4. Zenconsole - Changing Role
- Click Submit to save the changes.
Removing User
You may easily remove a user from your team on Zenconsole by following the steps below:
- Click the ... (3-dot) icon next to the user. This will open a drop-down menu.
- Click Remove. This will pop up a window.
Figure 5. Zenconsole - Confirming Removal of a User
- Click Confirm to delete the user from your team.