Administrative Access Best Practices

Best practices for securing administrative access and traffic to management networks and interfaces.
No network security system is secure if you don’t lock down administrative access to network devices. This is especially true for firewalls and security management devices such as Panorama because they are the gatekeepers and protectors of your network. Attackers who gain administrative access to these devices can reconfigure them in order to permit malicious access to your network remotely, facilitate the distribution of malware to endpoints, and even lock you out of your own network.
To safeguard your network from such attacks, follow the best practices in this document—scan administrative traffic for threats, and secure administrator and programmatic access to device management, the management network, and the management interface.
This document contains a streamlined checklist of planning, deployment, and maintenance best practices so that you can secure administrative access to your PAN-OS firewall and Panorama devices. Each section includes links to detailed information in the PAN-OS Admin Guide that shows how to configure different aspects of administrative access in case you’re not familiar with some of the procedures.
This best practice guide is written from the point-of-view of a new deployment to show how to create a secure management network and configure secure access to firewall and Panorama management interfaces. However, many enterprises have an existing management security strategy and implementation. For existing deployments, these are the recommended best practices to migrate to and to keep in mind if you overhaul your management network security. If you haven’t adopted these best practices in an existing framework, adopt them if possible to tighten security around administrative access.

Recommended For You