Device > Access Domain

  • Device > Access Domain
Configure access domains to restrict administrator access to specific virtual systems on the firewall. The firewall supports access domains only if you use a RADIUS, TACACS+, or SAML identity server (IdP) server to manage administrator authentication and authorization. To enable access domains, you must define:
When an administrator attempts to log in to the firewall, the firewall queries the external server for the access domain of the administrator. The external server returns the associated domain and the firewall then restricts the administrator to the virtual systems that you specified in the access domain. If the firewall does not use an external server for authenticating and authorizing administrators, the
Device
Access Domain
settings are ignored.
On Panorama, you can manage access domains locally or by using RADIUS VSAs, TACACS+ VSAs, or SAML attributes (see Panorama > Access Domains).
Access Domain Settings
Description
Name
Enter a name for the access domain (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, hyphens, underscores, and periods.
Virtual Systems
Select virtual systems in the Available column and
Add
them.
Access Domains are only supported on firewalls that support virtual systems.

Related Documentation