Device > Server Profiles > TACACS+
Select DeviceServer ProfilesTACACS+ or PanoramaServer ProfilesTACACS+ to configure the settings that define how the firewall or Panorama connects to Terminal Access Controller Access-Control System Plus (TACACS+) servers (see Device > Authentication Profile). You can use TACACS+ to authenticate end users who access your network resources (through GlobalProtect or Captive Portal), to authenticate administrators defined locally on the firewall or Panorama, and to authenticate and authorize administrators defined externally on the TACACS+ server.
TACACS+ Server Settings
Enter a name to identify the server profile (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Select the scope in which the profile is available. In the context of a firewall that has more than one virtual system (vsys), select a vsys or select Shared (all virtual systems). In any other context, you can’t select the Location; its value is predefined as Shared (firewalls) or as Panorama. After you save the profile, you can’t change its Location.
Administrator Use Only
Select this option to specify that only administrator accounts can use the profile for authentication. For multi-vsys firewalls, this option appears only if the Location is Shared.
Enter an interval in seconds after which an authentication request times out (range is 1–20; default is 3).
Select the Authentication Protocol that the firewall uses to secure a connection to the TACACS+ server:
Use single connection for all authentication
Select this option to use the same TCP session for all authentications. This option improves performance by avoiding the processing required to initiate and tear down a separate TCP session for each authentication event.
Click Add and specify the following settings for each TACACS+ server:
Configure TACACS+ Authentication
Configure TACACS+ Authentication You can configure TACACS+ authentication for end users and firewall or Panorama administrators. You can also use a TACACS+ server to manage ...
Device > Server Profiles > RADIUS
Device > Server Profiles > RADIUS Select Device Server Profiles RADIUS or Panorama Server Profiles RADIUS to configure settings for the Remote Authentication Dial-In User ...
Configure TACACS+ Authentication for Panorama Administrators
Configure TACACS+ Authentication for Panorama Administrators You can use a TACACS+ server to authenticate administrative access to the Panorama web interface. You can also define ...
Set Up RADIUS or TACACS+ Authentication
Set Up RADIUS or TACACS+ Authentication RADIUS is a client/server protocol and software that enables remote access servers to communicate with a central server to ...
TACACS+ User Account Management
TACACS+ User Account Management You can now use Terminal Access Controller Access-Control System Plus ( TACACS+ ) Vendor-Specific Attributes (VSAs) to manage firewall and Panorama ...
Configure an Authentication Profile
Authentication Profile Device > Authentication Profile Select Device Authentication Profile or Panorama Authentication Profile to manage authentication profiles. To create a new profile, Add one ...
Enable Two-Factor Authentication Using Certificate and Authentication Profiles
Enable Two-Factor Authentication Using Certificate and Authentication Profiles The following workflow describes how to configure GlobalProtect client authentication requiring the user to authenticate both to ...
Configure an Authentication Profile and Sequence
Configure an Authentication Profile and Sequence An authentication profile defines the authentication service that validates the login credentials of administrators who access the firewall web ...
Test Authentication Server Connectivity
Test Authentication Server Connectivity The test authentication feature enables you to verify whether the firewall or Panorama can communicate with the authentication server specified in ...