Device > Server Profiles > Kerberos
to configure a server profile that enables users to natively authenticate to an Active Directory domain controller or a Kerberos V5-compliant authentication server. After configuring a Kerberos server profile you can assign it to an authentication profile (see Device > Authentication Profile). You can use Kerberos to authenticate end users who access your network resources (through GlobalProtect or Captive Portal) and administrators defined locally on the firewall or Panorama.
To use Kerberos authentication, your back-end Kerberos server must be accessible over an IPv4 address. IPv6 addresses are not supported.
Kerberos Server Settings
Enter a name to identify the server (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Select the scope in which the profile is available. In the context of a firewall that has more than one virtual system (vsys), select a vsys or select
Shared(all virtual systems). In any other context, you can’t select the
Location; its value is predefined as Shared (
firewalls) or as Panorama. After you save the profile, you can’t change its
Administrator Use Only
Select this option to specify that only administrator accounts can use the profile for authentication. For firewalls that have multiple virtual systems, this option appears only if the
For each Kerberos server, click
Addand specify the following settings:
Set Up Kerberos Authentication
Set Up Kerberos Authentication Kerberos is a computer network authentication protocol that uses tickets to allow nodes that communicate over a non-secure network to prove ...
Configure Kerberos Server Authentication
Configure Kerberos Server Authentication You can use Kerberos to natively authenticate end users and firewall or Panorama administrators to an Active Directory domain controller or ...
Kerberos Kerberos is an authentication protocol that enables a secure exchange of information between parties over an insecure network using unique keys (called tickets) to ...
Objects > Authentication
Objects > Authentication An authentication enforcement object specifies the method and service to use for authenticating end users who access your network resources. You assign ...
Configure Local or External Authentication for Panorama Adm...
Configure Local or External Authentication for Panorama Administrators You can use an external authentication service or the service that is local to Panorama to authenticate ...
Configure Local or External Authentication for Firewall Adm...
Configure Local or External Authentication for Firewall Administrators You can use Local Authentication and External Authentication Services to authenticate administrators who access the firewall. These ...
Device > Authentication Sequence
Device > Authentication Sequence Device > Authentication Sequence Panorama > Authentication Sequence In some environments, user accounts reside in multiple directories (such as LDAP and ...
Configure an Authentication Profile and Sequence
Configure an Authentication Profile and Sequence An authentication profile defines the authentication service that validates the login credentials of administrators who access the firewall web ...
Configure an Authentication Profile
Authentication Profile Device > Authentication Profile Select Device Authentication Profile or Panorama Authentication Profile to manage authentication profiles. To create a new profile, Add one ...