Learn how to configure firewall administrator accounts in PAN-OS, including setting
up administrative access, authentication, and user permissions for NGFW
management.
| Where Can I Use This? | What Do I Need? |
|---|
| NGFW (Managed by PAN-OS or Panorama) |
|
Administrative accounts specify
roles and authentication methods for firewall
administrators. The service that you use to assign roles and perform authentication
determines whether you add the accounts on the firewall, on an external server, or
both (see
Administrative
Authentication). If the authentication method relies on a local firewall
database or an external service, you must configure an authentication profile before
adding an administrative account (see
Configure
Administrative Accounts and Authentication). If you already configured
the authentication profile or you will use
Local
Authentication without a firewall database, perform the following steps
to add an administrative account on the firewall.
Create a separate administrative account
for each person who needs access to the administrative or reporting
functions of the firewall. This enables you to better protect the
firewall from unauthorized configuration and enables logging of
the actions of individual administrators.
Make sure you are following
the
Adminstrative Access Best Practices to
ensure that you are securing administrative access to your firewalls
and other security devices in a way that prevents successful attacks.
