Network > Network Profiles > Interface Mgmt
An Interface Management profile protects the firewall from unauthorized access by defining the services and IP addresses that a firewall interface permits. You can assign an Interface Management profile to Layer 3 Ethernet interfaces (including subinterfaces) and to logical interfaces (aggregate group, VLAN, loopback, and tunnel interfaces). To assign an Interface Management profile, see Network > Interfaces.
Do not attach an interface management profile that allows Telnet, SSH, HTTP, or HTTPS to an interface that allows access from the internet or from other untrusted zones inside your enterprise security boundary. This includes the interface where you have configured a GlobalProtect portal or gateway; GlobalProtect does not require an interface management profile to enable access to the portal or the gateway. Refer to the Best Practices for Securing Administrative Access for details on how to protect access to your firewalls and Panorama.
Do not attach an interface management profile that allows Telnet, SSH, HTTP, or HTTPS to an interface where you have configured a GlobalProtect portal or gateway because this will expose the management interface to the internet.
Enter a profile name (up to 31 characters). This name appears in the list of Interface Management profiles when configuring interfaces. The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Administrative Management Services
Permitted IP Addresses
Enter the list of IPv4 or IPv6 addresses from which the interface allows access.
Use Interface Management Profiles to Restrict Access
Use Interface Management Profiles to Restrict Access An Interface Management profile protects the firewall from unauthorized access by defining the protocols, services, and IP addresses ...
Device > Setup > Interfaces
Device > Setup > Interfaces Use this page to configure connection settings, allowed services, and administrative access for the management (MGT) interface on all firewall ...
Panorama > Setup > Interfaces
Panorama > Setup > Interfaces Select Panorama Setup Interfaces to configure the interfaces that Panorama uses to manage firewalls and Log Collectors, deploy software and ...
Device > User Identification > Captive Portal Settings
Device > User Identification > Captive Portal Settings Edit ( ) the Captive Portal Settings to configure the firewall to authenticate users whose traffic matches ...
Configure Captive Portal
Configure Captive Portal The following procedure shows how to set up Captive Portal authentication by configuring the PAN-OS integrated User-ID agent to redirect web requests ...
Export SAML Meta data from an Authentication Profile
SAML Metadata Export from an Authentication Profile Device > Authentication Profile The firewall and Panorama can use a SAML identity provider (IdP) to authenticate users ...
Best Practices for Securing Administrative Access
Learn the best practices for securing administrative access to your firewalls to prevent successful cyberattacks through an exposed management interface. ...
Configure SAML Authentication
Configure SAML Authentication To configure SAML single sign-on (SSO) and single logout (SLO), you must register the firewall and the IdP with each other to ...
Keys and Certificates
Keys and Certificates To ensure trust between parties in a secure communication session, Palo Alto Networks firewalls and Panorama use digital certificates. Each certificate contains ...