Manage requestors

Relevant for: Administrators

This topic describes how to manage FireFlow requestors.

FireFlow requestors can be managed by FireFlow administrators from the FireFlow Configuration area and the requestors database, and by AFA administrators from the AFA Administration area. Requestors can also be created in LDAP.

In this topic:

Manage requestors from AFA
Manage requestors from FireFlow
Requestor field reference
Manage FireFlow requestors from the requestor database
Manage FireFlow requestors from LDAP

Manage Requester Object Views: Watch to learn how to prevent requestors from seeing the list of suggested firewall objects.

Manage requestors from AFA

AFA administrators who are not FireFlow administrators can manage requestors via the AFA Web Interface. The procedure begins in AFA and you are transferred to FireFlow.

Do the following:

In the AFA Administration area, click the Users / Roles tab.

The User and Role Management page appears.
Click Manage FireFlow requestors.

The Select a user page appears, displaying the Requestors tab.
Click + New.

The Create Requestor dialog is displayed.
Complete the fields as needed. For details, see Requestor field reference.
Click OK.

Perform any of the following additional requestor management procedures, as needed:

Edit FireFlow requestors

Disable FireFlow requestors

Manage requestors from FireFlow

This procedure describes how to manage requestor users from the FireFlow administration area.

Do the following:

Log in to FireFlow for configuration purposes. For details, see Log in for configuration purposes.
In the main menu, click Configuration.

The FireFlow Configuration page appears.
Click Users.

The Select a user page appears, displaying the Requestors tab.
Click + New.

The Create Requestor dialog is displayed.
Complete the fields as needed. For details, see Requestor field reference.
Click OK.

Requestor field reference

The following fields are available in either the AFAAdministration area or the FireFlowConfiguration area.

General fields

Username	Type the requestor's username. Usernames can contain any alpha-numeric character and the following special characters: "@", "_", ".", or "-". This field is required.
Email	Type the requestor's email address.
Full Name	Type the requestor's full name.
Language	Select the desired FireFlow interface language. All fields will be displayed in the selected language.
Extra info	Type additional information about the requestor.
Enabled	Select this option to enable the requestor to access the Requestors Web Interface.

Access Control fields

Authentication

Select the type of authentication to use for this requestor:

Local: Authenticate the requestor against the local AFA user database.
Radius: Authenticate the requestor against a RADIUS server.
LDAP: Select this option to enable requestor authentication against an LDAP server.

New Password

Type a password for the requestor.

Passwords can contain any alpha-numeric character or any special character, excluding back ticks (`).

Retype Password

Re-type the same password you entered in the New Password field.

Location fields

Organization	Type the name of the requestor's organization.
Address 1	Type the requestor's primary mailing address.
Address 2	Type the requestor's secondary mailing address.
City	Type the requestor's city.
State	Type the requestor's state.
Zip	Type the requestor's zip code.
Country	Type the requestor's country.

Phone number fields

Home	Type the requestor's home telephone number.
Work	Type the requestor's work telephone number.
Mobile	Type the requestor's mobile telephone number.
Pager	Type the requestor's pager number.

Comment fields

Enter any additional comments about this requestor user.

Additional fields

If custom user fields are defined, this area displays the fields.

Complete the fields with the required information.

Manage FireFlow requestors from the requestor database

FireFlow provides a requestor management tool that enables you to add new requestors and edit existing requestors directly in the Requestor Database. The tool uses a REST API to access the Requestor Database. This same tool can be used to export a list of requestors.

Tip: FireFlow administrators can also export the current data into a CSV file. For details, see Exporting the Requestors Database.

Do the following:

Create a CSV file with which to update the Requestor Database.

For each requestor, the file should include the fields specified in CSV File Fields (see CSV File Fields).

Note: The fields are case-sensitive.

Note: You can save the file anywhere on the server.
Open a terminal, and log in using the username "root" and the related password.
Enter the following command:

/usr/share/fireflow/local/extras/update_requestors.pl {-fCSVFile -uUsername-pPassword [-t Timeout] [-sServerURL] | -iParametersFile}

For information on the command's flags, see Requestor Database Script Flags (see Requestor Database Script Flags).

CSV File Fields

In this field...	Specify this...
UserName	The user's username. Usernames can contain any alpha-numeric character and the following special characters: "@", "_", ".", or "-". This field is required.
NewUserName	A new username for the user. This field is only relevant when updating the Requestors Database.
Email	The user's email address.
Password	A password for the user. Passwords can contain any alpha-numeric character or any special character, excluding back ticks (`).
FullName	The user's full name.
HomePhone	The user's home telephone number.
Comments	Comments about this user. If the comments include a comma, line break, or quotation marks, you must enclose the comments in quotation marks.
Signature	A signature that should appear at the end of this user's messages.
Organization	The name of the user's organization.
Language	The desired FireFlow interface language. All fields will be displayed in the selected language.
ExtraInfo	Additional information about the user.
WorkPhone	The user's work telephone number.
PagerPhone	The user's pager number.
Address1	The user's primary mailing address.
Address2	The user's secondary mailing address.
City	The user's city.
State	The user's state.
Zip	The user's zip code.
Country	The user's country.
Authentication	The type of authentication to use for this user. This can have the following values: Local. Authenticate the user against the local AFA user database. If you select this option, you must include the Password field. Radius. Authenticate the user against a RADIUS server. LDAP. Authenticate the user against Microsoft Active Directory via LDAP.
MobilePhone	The user's mobile telephone number.
Disabled	Whether to enable the user to access the Requestors Web Interface. This can have the following values: 0. Enable access to the Requestors Web Interface. 1. Disable access to the Requestors Web Interface. The default value is 0.

Requestor Database Script Flags

Flag	Description
-fCSVFile	The full path and name of the CSV input file. This flag is relevant only when updating the Requestors Database.
-lCSVFile	The full path and name of the CSV output file. This flag is relevant only when exporting the Requestors Database.
-uUsername	The user name of an AlgoSec administrator with permissions to manage requestors.
-pPassword	The password of an AlgoSec administrator with permissions to manage requestors.
-a	Display all users, including disabled ones, in the CSV output file. This flag is relevant only when exporting the Requestors Database.
-t Timeout	The timeout in seconds for each HTTP request that the tool issues against the FireFlow server. The default value is 90.
-s ServerURL	The FireFlow server URL. The default value is https://localhost.
-iParametersFile	The parameters input file. When this flag is used, the requestors management tool will refer to a parameters input file for all flags. This is useful if you want to avoid typing a password in the command line. The parameters input file must be a text file, with each flag appearing on a different line.

Manage FireFlow requestors from LDAP

This procedure describes how to manage FireFlow requestor users from LDAP. Only users who are not defined in AlgoSec Firewall Analyzer can be considered requestors by FireFlow.

Do the following:

In AlgoSec Firewall Analyzer, go to the Administration page.
Click the Options tab, then click the Authentication tab.
Select LDAP as the Authentication Server.
In the Permitted Users area, add the DN of the users in the Users Under Base DN field.

The LDAP field MemberOf associates the user with an AlgoSec Firewall Analyzer role. Any user for which the LDAP field MemberOf is empty is automatically considered a requestor by FireFlow.

Manage requestors

Manage requestors from AFA

Manage requestors from FireFlow

Requestor field reference

Manage FireFlow requestors from the requestor database

Manage FireFlow requestors from LDAP

Sorry about that

Want to tell us more?

Great!