Device > Access Domain
- Device > Access Domain
Configure access domains to restrict administrator access to specific virtual systems on the firewall. The firewall supports access domains only if you use a RADIUS, TACACS+, or SAML identity server (IdP) server to manage administrator authentication and authorization. To enable access domains, you must define:
When an administrator attempts to log in to the firewall, the firewall queries the external server for the access domain of the administrator. The external server returns the associated domain and the firewall then restricts the administrator to the virtual systems that you specified in the access domain. If the firewall does not use an external server for authenticating and authorizing administrators, the DeviceAccess Domain settings are ignored.
On Panorama, you can manage access domains locally or by using RADIUS VSAs, TACACS+ VSAs, or SAML attributes (see Panorama > Access Domains).
Access Domain Settings
Enter a name for the access domain (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, hyphens, underscores, and periods.
Select virtual systems in the Available column and Add them.
Access Domains are only supported on firewalls that support virtual systems.
Access Domains Access domains control administrative access to specific Device Groups and templates , and also control the ability to switchcontext to the web interface ...
Administrative Authentication You can configure the following types of authentication and authorization (role and access domain assignment) for firewall administrators: Authentication Method Authorization Method Description ...
Administrative Authentication You can configure the following types of authentication and authorization ( Administrative Roles and Access Domains ) for Panorama administrators: Authentication Method Authorization ...
Configure an Authentication Profile
Authentication Profile Device > Authentication Profile Select Device Authentication Profile or Panorama Authentication Profile to manage authentication profiles. To create a new profile, Add one ...
TACACS+ User Account Management
TACACS+ User Account Management You can now use Terminal Access Controller Access-Control System Plus ( TACACS+ ) Vendor-Specific Attributes (VSAs) to manage firewall and Panorama ...
Configure RADIUS Authentication
Configure RADIUS Authentication You can configure RADIUS authentication for end users and firewall or Panorama administrators. For administrators, you can use RADIUS to manage authorization ...
Panorama > Access Domains
Panorama > Access Domains Access domains control the access that Device Group and Template administrators have to specific device groups (to manage policies and objects), ...
Configure Local or External Authentication for Panorama Administrators
Configure Local or External Authentication for Panorama Administrators You can use an external authentication service or the service that is local to Panorama to authenticate ...
Authentication Features New Authentication Features Description SAML 2.0 Authentication The firewall and Panorama™ can now function as Security Assertion Markup Language (SAML) 2.0 service providers ...