Configure a Panorama Administrator Account
Administrative accounts specify Administrative
Roles and authentication for Panorama administrators. The
service that you use to assign roles and perform authentication
determines whether you add the accounts on Panorama, on an external
server, or both (see Administrative
Authentication). For an external authentication service,
you must configure an authentication profile before adding an administrative
account (see Configure
Administrative Accounts and Authentication). If you already
configured the authentication profile or you will use the authentication mechanism
that is local to Panorama, perform the following steps to add an
administrative account on Panorama.
- Modify the number of supported administrator accounts.Configure the total number of supported concurrent administrative accounts sessions for Panorama in the normal operational mode or in FIPS-CC mode. You can allow up to four concurrent administrative account sessions or configure Panorama to support an unlimited number of concurrent administrative account sessions.
- Selectand edit the Authentication Settings.PanoramaSetupManagement
- Edit theMax Session Countto specify the number of supported concurrent sessions (range is0to4) allowed for all administrator and user accounts.Enter0to configure the firewall to support an unlimited number of administrative accounts.In FIPS-CC mode, the range is 1 to 4 with a default value of 4.In PAN-OS 10.0.4 and later releases, firewalls in FIPS-CC mode support a value of0to allow an unlimited amount of concurrent sessions.
- Edit theMax Session Timein minutes for an administrative account. Default is720minutes.
- ClickOK.
- CommitandCommit to Panorama.
You can also configure the total number of supported concurrent sessions by logging in to the Panorama CLI.admin>configureadmin#set deviceconfig setting management admin-session max-session-count <0-4>admin#set deviceconfig setting management admin-session max-session-time <0, 60-1499>admin#commitSelectandPanoramaAdministratorsAddan account.Enter a userNamefor the administrator.Select anAuthentication Profileor sequence if you configured either for the administrator.This is required if Panorama will use Kerberos SSO or an external service for authentication.If Panorama will use local authentication, set theAuthentication ProfiletoNoneand enter aPasswordand thenConfirm Password.Select theAdministrator Type:- Dynamic—Select a predefined administrator role.
- Custom Panorama Admin—Select the Admin RoleProfileyou created for this administrator (see Configure an Admin Role Profile).
- Device Group and Template Admin—Map access domains to administrative roles as described in the next step.
(Device Group and Template Admin only) In the Access Domain to Administrator Role section, clickAdd, select an Access Domain from the drop-down (see Configure an Access Domain), click the adjacent Admin Role cell, and select an Admin Role profile.ClickOKto save your changes.SelectandCommitCommit to PanoramaCommityour changes.
Recommended For You
Recommended Videos
Recommended videos not found.