Administrative accounts specify roles and authentication
methods for the administrators of Palo Alto Networks firewalls.
Every Palo Alto Networks firewall has a predefined default administrative
account (admin) that provides full read-write access (also known
as superuser access) to the firewall.
As a best practice, create a separate
administrative account for each person who needs access to the administrative
or reporting functions of the firewall. This enables you to better
protect the firewall from unauthorized configuration and enables
logging of the actions of individual administrators. Make sure you
are following the Best
Practices for Securing Administrative Access to ensure that
you are securing administrative access to your firewalls and other
security devices in a way that prevents successful attacks.