Panorama > Access Domains
Access domains control the access that Device Group and Template administrators have to specific device groups (to manage policies and objects), to templates (to manage network and device settings), and to the web interface of managed firewalls (through context switching). You can define up to 4,000 access domains and manage them locally or by using RADIUS Vendor-Specific Attributes (VSAs), TACACS+ VSAs, or SAML attributes. To create an access domain,
Adda domain and configure the settings as described in the following table.
Access Domain Settings
Enter a name for the access domain (up to 31 characters). The name is case-sensitive, must be unique, and can contain only letters, numbers, hyphens, and underscores.
Select one of the following access privileges for the objects that device groups in this access domain inherit from the Shared location. Regardless of privilege, administrators can’t override shared or default (predefined) objects.
Enable or disable read-write access for specific device groups in the access domain. You can also click
Disable All. Enabling read-write access for a device group automatically enables the same access for its descendants. If you manually disable a descendant, access for its highest ancestor automatically changes to read-only. By default, access is disabled for all device groups.
If you want the list to display only specific device groups, select the device group names and
If you set the access for shared objects to
shared-only, Panorama applies read-only access to any device groups for which you specify read-write access.
For each template or template stack you want to assign, click
Addand select it from the drop-down.
Corresponds to the Device/Virtual Systems column in the Access Domain page)
Select the firewalls to which the administrator can switch context for performing local configuration. If the list is long, you can filter by
Configure an Access Domain
Configure an Access Domain Use Access Domains to define access for Device Group and Template administrators for specific device groups and templates, and also to ...
Create a Device Group Hierarchy
Create a Device Group Hierarchy Plan the Device Group Hierarchy . Decide the device group levels, and which firewalls and virtual systems you will assign ...
Panorama > Administrators
Panorama > Administrators Select Panorama Administrators to create and manage accounts for Panorama administrators. If you log in to Panorama as an administrator with a ...
Administrative Roles You configure administrator accounts based on the security requirements of your organization, any existing authentication services that your network uses, and the required ...
Use the Panorama Web Interface
Use the Panorama Web Interface The web interface on both Panorama and the firewall has the same look and feel. However, the Panorama web interface ...
Access Domains Access domains control administrative access to specific Device Groups and templates Overview of template and template stack configuration functionality. , and also control ...
Save Candidate Configurations
Save Candidate Configurations Select Config Save Changes at the top right of the firewall or Panorama web interface to save a new snapshot file of ...
Panorama Commit Operations
Panorama Commit Operations Click Commit at the top right of the web interface and select an operation for pending changes to the Panorama configuration and ...
Device Group Objects
Device Group Objects Objects are configuration elements that policy rules reference, for example: IP addresses, URL categories, security profiles, users, services, and applications. Rules of ...