Device > Server Profiles > TACACS+
to configure the settings that define how the firewall or Panorama connects to Terminal Access Controller Access-Control System Plus (TACACS+) servers (see Device > Authentication Profile). You can use TACACS+ to authenticate end users who access your network resources (through GlobalProtect or Captive Portal), to authenticate administrators defined locally on the firewall or Panorama, and to authenticate and authorize administrators defined externally on the TACACS+ server.
TACACS+ Server Settings
Enter a name to identify the server profile (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Select the scope in which the profile is available. In the context of a firewall that has more than one virtual system (vsys), select a vsys or select
Shared(all virtual systems). In any other context, you can’t select the
Location; its value is predefined as Shared (
firewalls) or as Panorama. After you save the profile, you can’t change its
Administrator Use Only
Select this option to specify that only administrator accounts can use the profile for authentication. For multi-vsys firewalls, this option appears only if the
Enter an interval in seconds after which an authentication request times out (range is 1–20; default is 3).
Authentication Protocolthat the firewall uses to secure a connection to the TACACS+ server:
Use single connection for all authentication
Select this option to use the same TCP session for all authentications. This option improves performance by avoiding the processing required to initiate and tear down a separate TCP session for each authentication event.
Addand specify the following settings for each TACACS+ server: