You can use Kerberos to
natively authenticate end users and firewall or Panorama administrators
to an Active Directory domain controller or a Kerberos V5-compliant
authentication server. This authentication method is interactive,
requiring users to enter usernames and passwords.
To use a Kerberos server for authentication,
the server must be accessible over an IPv4 address. IPv6 addresses
are not supported.
Add a Kerberos
The profile defines how the firewall connects to the Kerberos
the server profile.
each server and specify
(to identify the server), IPv4 address
or FQDN of the
, and optional
for communication with the server (default 88).
If you use an FQDN address object to identify the
server and you subsequently change the address, you must commit
the change in order for the new server address to take effect.
End user access to services and applications—Assign the authentication
profile you configured to an authentication enforcement object and
assign the object to Authentication policy rules. For the full procedure
to configure authentication for end users, see Configure