How to switch from non-config mode to full configuration mode while accessing SonicWall Management
10/14/2021 1,074 People found this article helpful 486,467 Views
Description
How to switch from non-config mode to full configuration mode while accessing SonicWall Management Interface in SonicOS Enhanced?
Resolution
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Overview / Scenario:
SonicOS Enhanced release 4.0 introduced support for multiple concurrent administrators. This feature allows for multiple users to log-in with full administrator privileges. In addition to using the default admin user name, additional administrator usernames can be created.
Because of the potential for conflicts caused by multiple administrators making configuration changes at the same time, only one administrator is allowed to make configuration changes. The additional administrators are given full access to the GUI, but they cannot make configuration changes.
Configuration Modes
In order to allow multiple concurrent administrators, while also preventing potential conflicts caused by multiple administrators making configuration changes at the same time, the following configuration modes have been defined:
• Configuration mode - Administrator has full privileges to edit the configuration. If no administrator is already logged into the appliance, this is the default behavior for administrators with full and limited administrator privileges (but not read-only administrators).
Note: Administrators with full configuration privilege can also log in using the Command Line Interface (CLI).
• Read-only mode - Administrator cannot make any changes to the configuration, but can view the browse the entire management UI and perform monitoring actions. Only administrators that are members of the SonicWall Read-Only Admins user group are given read-only access, and it is the only configuration mode they can access.
• Non-configuration mode - Administrator can view the same information as members of the read-only group and they can also initiate management actions that do not have the potential to cause configuration conflicts.
Procedure:
Only administrators that are members of the SonicWall Administrators user group can access non-configuration mode. This mode can be entered when another administrator is already in configuration mode and the new administrator chooses not to preempt the existing administrator. By default, when an administrator is preempted out of configuration mode, he or she is converted to non-configuration mode.
To switch from non-config mode to full configuration mode, perform the following steps:
Step 1: Click Manage in the top navigation menu.
Step 2: Navigate to the System Setup | Appliance | Base Settings page.
Step 3: In the Web Management Settings section, click on the Configuration mode button. If there is not currently an administrator in configuration mode, you will automatically be entered into configuration mode.
Step 3: If another administrator is in configuration mode, the following message displays.
Step 4: Click the Config button to enter configuration mode. The current administrator is converted to read-only mode and you are given full administrator access.
Viewing Multiple Administrator Related Log Messages
Log messages are generated for the following events:
• A GUI or CLI user begins configuration mode (including when an admin logs in).
• A GUI or CLI user ends configuration mode (including when an admin logs out).
• A GUI user begins management in non-config mode (including when an admin logs in and when a user in configuration mode is preempted and dropped back to read-only mode).
• A GUI user begins management in read-only mode.
• A GUI user terminates either of the above management sessions (including when an admin logs out).
See Also:
UTM: How Does Multiple Administrators Support Work in SonicOS Enhanced?
UTM: How to Configure Additional Administrators User Profiles in SonicOS Enhanced?
UTM: How to Configure Additional Administrators Locally when Using LDAP or RADIUS in SonicOS Enhanced?
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
Overview / Scenario:
SonicOS Enhanced release 4.0 introduced support for multiple concurrent administrators. This feature allows for multiple users to log-in with full administrator privileges. In addition to using the default admin user name, additional administrator username can be created.
Because of the potential for conflicts caused by multiple administrators making configuration changes at the same time, only one administrator is allowed to make configuration changes. The additional administrators are given full access to the GUI, but they cannot make configuration changes.
Configuration Modes
In order to allow multiple concurrent administrators, while also preventing potential conflicts caused by multiple administrators making configuration changes at the same time, the following configuration modes have been defined:
• Configuration mode - Administrator has full privileges to edit the configuration. If no administrator is already logged into the appliance, this is the default behavior for administrators with full and limited administrator privileges (but not read-only administrators).
Note: Administrators with full configuration privilege can also log in using the Command Line Interface (CLI).
• Read-only mode - Administrator cannot make any changes to the configuration, but can view the browse the entire management UI and perform monitoring actions. Only administrators that are members of the SonicWall Read-Only Admins user group are given read-only access, and it is the only configuration mode they can access.
• Non-configuration mode - Administrator can view the same information as members of the read-only group and they can also initiate management actions that do not have the potential to cause configuration conflicts.
Procedure:
Only administrators that are members of the SonicWall Administrators user group can access non-configuration mode. This mode can be entered when another administrator is already in configuration mode and the new administrator chooses not to preempt the existing administrator. By default, when an administrator is preempted out of configuration mode, he or she is converted to non-configuration mode. On the System > Administration page, this behavior can be modified so that the original administrator is logged out.
To switch from non-config mode to full configuration mode, perform the following steps:
Step 1: Navigate to the System > Administration page.
Step 2: In the Web Management Settings section, click on the Configuration mode button. If there is not currently an administrator in configuration mode, you will automatically be entered into configuration mode.
Step 3: If another administrator is in configuration mode, the following message displays.
Step 4: Click the Continue button to enter configuration mode. The current administrator is converted to read-only mode and you are given full administrator access.
Viewing Multiple Administrator Related Log Messages
Log messages are generated for the following events:
• A GUI or CLI user begins configuration mode (including when an admin logs in).
• A GUI or CLI user ends configuration mode (including when an admin logs out).
• A GUI user begins management in non-config mode (including when an admin logs in and when a user in configuration mode is preempted and dropped back to read-only mode).
• A GUI user begins management in read-only mode.
• A GUI user terminates either of the above management sessions (including when an admin logs out).
See Also:
UTM: How Does Multiple Administrators Support Work in SonicOS Enhanced?
UTM: How to Configure Additional Administrators User Profiles in SonicOS Enhanced?
UTM: How to Configure Additional Administrators Locally when Using LDAP or RADIUS in SonicOS Enhanced?
Source: SonicOS Enhanced 5.0 Multiple Administrators Feature Module
Related Articles
Categories