Configure access domains to restrict administrator access to
specific virtual systems on the firewall. The firewall supports
access domains only if you use a RADIUS, TACACS+, or SAML identity
server (IdP) server to manage administrator authentication and authorization.
To enable access domains, you must define:
When an administrator attempts to log in to the firewall, the
firewall queries the external server for the access domain of the administrator.
The external server returns the associated domain and the firewall
then restricts the administrator to the virtual systems that you
specified in the access domain. If the firewall does not use an
external server for authenticating and authorizing administrators, the
On Panorama, you can manage access domains locally or by
using RADIUS VSAs, TACACS+ VSAs, or SAML attributes (see Panorama
> Access Domains).
Access Domain Settings
Enter a name for the access domain (up to
31 characters). The name is case-sensitive and must be unique. Use
only letters, numbers, hyphens, underscores, and periods.
Select virtual systems in the Available
are only supported on firewalls that support virtual systems.