Device > Local User Database > Users

You can set up a local database on the firewall to store authentication information for firewall administrators , Authentication Portal end users , and end users who authenticate to a GlobalProtect portal and GlobalProtect gateway . Local database authentication requires no external authentication service; you perform all account management on the firewall. After creating the local database and (optionally) assigning the users to groups (see Device > Local User Database > User Groups), you can Device > Authentication Profile based on the local database.
You cannot configure Device > Password Profiles for administrative accounts that use local database authentication.
a local user to the database, configure the settings described in the following table.
Local User Settings
Enter a name to identify the user (up to 31 characters). The name is not case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Select the scope in which the user account is available. In the context of a firewall that has more than one virtual system (vsys), select a vsys or select
(all virtual systems). In any other context, you can’t select the
; its value is predefined as Shared (
) or as Panorama. After you save the user account, you can’t change its
Use this field to specify the authentication option:
  • Password
    —Enter and confirm a password for the user.
  • Password Hash
    —Enter a hashed password string. This can be useful if, for example, you want to reuse the credentials for an existing Unix account but don’t know the plaintext password, only the hashed password. The firewall accepts any string of up to 63 characters regardless of the algorithm used to generate the hash value. The operational CLI command
    request password-hash password
    uses the MD5 algorithm when the firewall is in normal mode and the SHA256 algorithm when the firewall is in CC/FIPS mode.
Any Minimum Password Complexity parameters you set for the firewall (
) do not apply to accounts that use a
Password Hash
Select this option to activate the user account.

Recommended For You