Configure Local Database Authentication
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Configure Local Database Authentication
You can configure a user database that is
local to the firewall to authenticate administrators who access
the firewall web interface and to authenticate end users who access
applications through Authentication Portal or GlobalProtect. Perform
the following steps to configure Local
Authentication with a local database.
Configuring new minimum password complexity settings (DeviceSetup) or modifying an existing minimum password complexity settings
does not apply retroactively to existing local data base user accounts.
If you create or modify the minimum password complexity settings, you must re-add
the existing local database administrator accounts so the passwords comply with
the minimum password complexity settings.
External
Authentication Services are usually preferable to local authentication
because they provide the benefit of central account management.
- Add the user account to the local database.
- Select DeviceLocal User DatabaseUsers and click Add.Enter a user Name for the administrator.Enter a Password and Confirm Password or enter a Password Hash.Enable the account (enabled by default) and click OK.Add the user group to the local database.Required if your users require group membership.
- Select DeviceLocal User DatabaseUser Groups and click Add.Enter a Name to identify the group.Add each user who is a member of the group and click OK.Configure an authentication profile.The authentication profile defines authentication settings that are common to a set of users. Set the authentication Type to Local Database.Assign the authentication profile to an administrator account or to an Authentication policy rule for end users.
- Administrators—Configure
a Firewall Administrator Account:Specify the Name of a user you defined earlier in this procedure.Assign the Authentication Profile that you configured for the account.
- End users—For the full procedure to configure authentication for end users, see Configure Authentication Policy.
Verify that the firewall can Test Authentication Server Connectivity to authenticate users.