Create and Manage Authentication Policy
Select the PoliciesAuthentication page to create and manage Authentication policy rules:
Perform the following prerequisites before creating Authentication policy rules:
To create a rule, perform one of the following steps and then complete the fields described in Building Blocks of an Authentication Policy Rule:
To modify a rule, click the rule Name and edit the fields described in Building Blocks of an Authentication Policy Rule.
If the firewall received the rule from Panorama, the rule is read-only; you can edit it only on Panorama.
When matching traffic, the firewall evaluates rules from top to bottom in the order that the PoliciesAuthentication page lists them. To change the evaluation order, select a rule and Move Up, Move Down, Move Top, or Move Bottom. For details, see Move or Clone a Policy Rule.
To remove an existing rule, select and Delete it.
To disable a rule, select and Disable it. To re-enable a disabled rule, select and Enable it.
Highlight Unused Rules
To identify rules that have not matched traffic since the last time the firewall was restarted, Highlight Unused Rules. You can then decide whether to disable or delete unused rules. The page highlights unused rules with a dotted yellow background.
Preview rules (Panorama only)
Click Preview Rules to view a list of the rules before you push the rules to the managed firewalls. Within each rulebase, the page visually demarcates the rule hierarchy for each device group (and managed firewall) to facilitate scanning of numerous rules.
Objects > Authentication
Objects > Authentication An authentication enforcement object specifies the method and service to use for authenticating end users who access your network resources. You assign ...
Building Blocks of an Authentication Policy Rule
Building Blocks of an Authentication Policy Rule Whenever a user requests a resource (such as when visiting a web page), the firewall evaluates Authentication policy. ...
Configure Captive Portal
Configure Captive Portal The following procedure shows how to set up Captive Portal authentication by configuring the PAN-OS integrated User-ID agent to redirect web requests ...
Device > User Identification > Captive Portal Settings
Device > User Identification > Captive Portal Settings Edit ( ) the Captive Portal Settings to configure the firewall to authenticate users whose traffic matches ...
Configure Authentication Policy
Configure Authentication Policy Perform the following steps to configure Authentication policy for end users who access services through Captive Portal. Before starting, ensure that your ...
Manage the Rule Hierarchy
Manage the Rule Hierarchy The order of policy rules is critical for the security of your network. Within any policy layer (shared, device group, or ...
Authentication Timestamps When configuring an Authentication policy rule, you can specify a timeout period during which a user authenticates only for initial access to services ...
Configure Multi-Factor Authentication
Configure Multi-Factor Authentication To use Multi-Factor Authentication (MFA) for protecting sensitive services and applications, you must configure Captive Portal to display a web form for ...
Configure GlobalProtect to Facilitate Multi-Factor Authenti...
Configure GlobalProtect to Facilitate Multi-Factor Authentication Notifications To protect critical applications and stop attackers from using stolen credentials to conduct lateral movement throughout your network, ...