Configure an Admin Role Profile for Selective Push to Managed Firewalls

Create an admin role profile to push individual device group and template configuration objects to specific firewalls managed by the Panorama™ management server.
For greater control over configuration changes on managed firewalls, create an admin role profile that enables a Panorama administrator to push configuration changes made by one or more Panorama administrators from the Panorama™ management server to managed firewalls. After you commit selective configuration changes to Panorama, you can select specific Panorama admins, review their configuration changes, and then push only the changes made by the selected admins to your managed firewalls. Selective pushes also reduce the risk of pushing incomplete device group and template configurations to managed firewalls, because you can explicitly exclude incomplete configuration changes when you push. This helps avoid outages and configuration-related issues that could cause network disruptions.
Administrators with Superuser or Panorama admin role privileges can push and review object level changes of other administrators by default. However, you can edit the Panorama administrator admin roles to change the object level configuration privileges as needed.
  1. (Optional) Select Device > Admin Roles and select the Template in which to configure a firewall admin role profile.
    You must create an Admin Role profile on the firewall and assign it to the Panorama management server Admin Role profile to allow administrators to context switch between Panorama and managed firewall web interfaces.
  2. Select Panorama > Admin Roles and Add a new admin role.
  3. Enter a descriptive Name for the admin role.
  4. Select the Panorama admin role.
  5. Select Web UI and navigate to the Commit privileges.
  6. Configure the object level configuration privileges as needed.
    All object level configuration privileges are enabled by default.
    The default Superuser or Panorama admin role privileges support full object level configuration privileges.
    • Push All Changes—Allows the administrator to push all changes made by all admins.
    • Push For Other Admins—Allows the administrator to select and push configuration changes made by other administrators.
    • Object Level Changes—Allows the administrator to view individual configuration objects to push. If disabled, the list of configuration objects is not displayed in the Push Scope.
  7. (Optional) To allow Panorama administrators to Context Switch between the Panorama and firewall web interface, enter the name of the Device Admin Role you configured in Step 1.
  8. Click OK.
  9. Configure a custom Panorama administrator and select the Admin Role you created.
  10. Commit and Commit to Panorama.
