Select Device > Server Profiles > TACACS+ or Panorama > Server Profiles > TACACS+ to configure settings for the Terminal Access Controller Access-Control System Plus (TACACS+) servers that authentication profiles reference (see Device > Authentication Profile).
TACACS+ Server Setting Description
Profile Name Enter a name to identify the server profile (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Location Select the scope in which the profile is available. In the context of a firewall that has more than one virtual system (vsys), select a vsys or select Shared (all virtual systems). In any other context, you can’t select the Location ; its value is predefined as Shared (for firewalls) or as Panorama. After you save the profile, you can’t change its Location.
Administrator Use Only Select this option to specify that only administrator accounts can use the profile for authentication. For multi-vsys firewalls, this option appears only if the Location is Shared.
Timeout Enter an interval in seconds after which an authentication request times out (range is 1–20; default is 3).
Use single connection for all authentication Select this option to use the same TCP session for all authentications. This option improves performance by avoiding the processing required to initiate and tear down a separate TCP session for each authentication event.
Servers Click Add and specify the following settings for each TACACS+ server: Name —Enter a name to identify the server. TACACS+ Server —Enter the IP address or FQDN of the TACACS+ server. Secret/Confirm Secret —Enter and confirm a key to verify and encrypt the connection between the firewall and the TACACS+ server. Port —Enter the server port (default is 49) for authentication requests.

Related Documentation