End-of-Life (EoL)

Configure RADIUS Vendor-Specific Attributes for Administrator Authentication

The following procedure provides an overview of the tasks required to use RADIUS Vendor-Specific Attributes (VSAs) for administrator authentication to Palo Alto Networks firewalls. For detailed instructions, refer to the following Knowledge Base articles:
Before starting this procedure, you must:
  • Create the administrative accounts in the directory service that your network uses (for example, Active Directory).
  • Set up a RADIUS server that can communicate with that directory service.
  1. Configure the firewall.
    1. Configure an Admin Role Profile if the administrator will use a custom role.
    2. Configure an access domain if the firewall has more than one virtual system (vsys):
      1. Select Device > Access Domain, Add an access domain, and enter a Name to identify the access domain.
      2. Add each vsys that the administrator will access, and then click OK.
    3. Configure an authentication profile. Set the authentication Type to RADIUS and assign the RADIUS Server Profile.
    4. Configure the firewall to use the authentication profile for administrator access: select Device > Setup > Management, edit the Authentication Settings, and select the Authentication Profile.
    5. Click OK and Commit.
  2. Configure the RADIUS server.
    1. Add the firewall IP address or hostname as the RADIUS client.
    2. Define the VSAs for administrator authentication. You must specify the vendor code (25461 for Palo Alto Networks firewalls) and the VSA name, number, and value: see RADIUS Vendor-Specific Attributes Support.
      When configuring the advanced vendor options on a Cisco ACS, you must set both the Vendor Length Field Size and Vendor Type Field Size to 1. Otherwise, authentication will fail.
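
The wire layout behind the VSA definition and the Cisco ACS field-size note, as an added Python example (not Palo Alto Networks or Cisco code). Assumptions: sub-attribute numbers 1 and 2 come from the vendor's published RADIUS dictionary rather than from this page, the role and access domain values are constructed, and parse_vsa is a strict RFC 2865 parser standing in for the receiving side.

```python
import struct

PAN_VENDOR_ID = 25461        # vendor code given on this page
RADIUS_VSA = 26              # Vendor-Specific attribute type (RFC 2865)
# Sub-attribute numbers: assumed from the vendor's RADIUS dictionary.
ADMIN_ROLE = 1               # PaloAlto-Admin-Role
ADMIN_ACCESS_DOMAIN = 2      # PaloAlto-Admin-Access-Domain


def encode_vsa(vendor_type, value, type_size=1, len_size=1):
    """Build one Vendor-Specific attribute.

    type_size / len_size model the server-side "Vendor Type Field Size"
    and "Vendor Length Field Size" settings, in bytes.
    """
    data = value.encode()
    sub_len = type_size + len_size + len(data)   # length covers its own header
    sub = (vendor_type.to_bytes(type_size, "big")
           + sub_len.to_bytes(len_size, "big") + data)
    body = struct.pack("!I", PAN_VENDOR_ID) + sub
    return bytes([RADIUS_VSA, 2 + len(body)]) + body


def parse_vsa(attr):
    """Parse expecting 1-byte vendor type and 1-byte vendor length."""
    if len(attr) < 8 or attr[0] != RADIUS_VSA or attr[1] != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    if vendor_id != PAN_VENDOR_ID:
        raise ValueError(f"unexpected vendor id {vendor_id}")
    vtype, vlen = attr[6], attr[7]
    if vlen != len(attr) - 6:
        raise ValueError("vendor length does not match attribute length")
    return vtype, attr[8:].decode()


def admin_vsas(role, access_domain):
    """The two attributes a RADIUS server would return for a firewall admin."""
    return [encode_vsa(ADMIN_ROLE, role),
            encode_vsa(ADMIN_ACCESS_DOMAIN, access_domain)]


if __name__ == "__main__":
    for attr in admin_vsas("custom-admin", "dom-a"):   # constructed values
        print(attr.hex(), parse_vsa(attr))
    try:  # server left at 2-byte field sizes: the strict parser rejects it
        parse_vsa(encode_vsa(ADMIN_ROLE, "custom-admin", 2, 2))
    except ValueError as exc:
        print("rejected:", exc)
```

With any field size other than 1, the bytes at offsets 6 and 7 no longer hold the type and length the receiver expects, so the attribute cannot be matched to an admin role or access domain.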
