End-of-Life (EoL)

Configure an Administrative Account

Administrative accounts specify roles and authentication methods for the administrators of Palo Alto Networks firewalls.
  1. (
    Optional
    ) Define password complexity and expiration settings for administrator accounts that are local to the firewall.
    These settings can help protect the firewall against unauthorized access by making it harder for attackers to guess passwords.
    You cannot configure these settings for local accounts that use a local database for authentication.
    1. Define global password complexity and expiration settings for all local administrators.
      1. Select
        Device
        Setup
        Management
        and edit the Minimum Password Complexity settings.
      2. Select
        Enabled
        .
      3. Define the password settings and click
        OK
        .
    2. Define a Password Profile if you want certain local administrators to have password expiration settings that override the global settings.
      1. Select
        Device
        Password Profiles
        and
        Add
        a profile.
      2. Enter a
        Name
        to identify the profile.
      3. Define the password expiration settings and click
        OK
        .
  2. Add an administrative account.
    1. Select
      Device
      Administrators
      and
      Add
      an administrator.
    2. Enter a user
      Name
      .
    3. Select an
      Authentication Profile
      or sequence if you configured either for the user.
      The default option (
      None
      ) specifies that the firewall will locally manage and authenticate the account without a local database. In this case, you must enter and confirm a
      Password
      .
    4. Select the
      Administrator Type
      . If you configured a custom role for the user, select
      Role Based
      and select the Admin Role
      Profile
      . Otherwise, select
      Dynamic
      (default) and select a dynamic role. If the dynamic role is
      virtual system administrator
      , add one or more virtual systems that the virtual system administrator is allowed to manage.
    5. (
      Optional
      ) Select a
      Password Profile
      for local administrators. This option is available only if you set the
      Authentication Profile
      to
      None
      .
    6. Click
      OK
      and
      Commit
      .

Recommended For You