Configure Kerberos Server Authentication
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Configure Kerberos Server Authentication
You can use Kerberos to
natively authenticate end users and firewall or Panorama administrators
to an Active Directory domain controller or a Kerberos V5-compliant
authentication server. This authentication method is interactive,
requiring users to enter usernames and passwords.
To use a Kerberos server for authentication,
the server must be accessible over an IPv4 address. IPv6 addresses
are not supported.
- Add a Kerberos server profile.The profile defines how the firewall connects to the Kerberos server.
- Select DeviceServer ProfilesKerberos or PanoramaServer ProfilesKerberos on Panorama™ and Add a server profile.Enter a Profile Name to identify the server profile.Add each server and specify a Name (to identify the server), IPv4 address or FQDN of the Kerberos Server, and optional Port number for communication with the server (default 88).If you use an FQDN address object to identify the server and you subsequently change the address, you must commit the change in order for the new server address to take effect.Click OK to save your changes to the profile.Assign the server profile to an Configure an Authentication Profile and Sequence.The authentication profile defines authentication settings that are common to a set of users.Assign the authentication profile to the firewall application that requires authentication.
- Administrative access to the web interface—Configure a Firewall Administrator Account and assign the authentication profile you configured.
- End user access to services and applications—Assign the authentication profile you configured to an authentication enforcement object and assign the object to Authentication policy rules. For the full procedure to configure authentication for end users, see Configure Authentication Policy.
Verify that the firewall can Test Authentication Server Connectivity to authenticate users.