7.4.2. Assigning firewall profiles to user accesses

With eurephiadm you can assign firewall profiles both when adding a new user-certificate link and modifying an existing user-certificate link.

7.4.2.1. Assigning when establishing a new user-certificate link

This is done by adding the --accessprofile option in addition to the --certid and --uid options when establishing the user-certificate link. The --accessprofile option requires the numeric ID to the corresponding firewall access profile we want to use.

user@host:~ $ eurephiadm usercerts --help --add
The add mode will register a new link between a user account and a certificate.

     -c | --certid         Required - Certificate ID
     -i | --uid            Required - User accound ID
     -a | --accessprofile  Firewall profile ID to use for this access

user@host:~ $

Our user, John Doe, has not been setup with any user-certificate link yet, so lets do that. As he is the administrator, lets give him full access via the vpn_all_srv firewall profile.

user@host:~ $ eurephiadm usercerts --add --certid 4 --uid 1 --accessprofile 2
eurephia::UserCerts: Registered new user-cert link with id 4
user@host:~ $