Configure an Access Domain
Use Access Domains to define access for Device Group and Template administrators for specific device groups and templates, and also to control the ability of those administrators to switch context to the web interface of managed firewalls. Panorama supports up to 4,000 access domains.
- Select PanoramaAccess Domain and click Add.
- Enter a Name to identify the access domain.
- Select an access privilege for Shared Objects:
A consequence of this option is that administrators can’t perform any operations on non-Shared objects other than to display them. An example of why you might select this option is for an organization that requires all objects to be in a single, global repository.
- write—Administrators can perform all operations on Shared objects. This is the default value.
- read—Administrators can display and clone but cannot perform other operations on Shared objects. When adding non-Shared objects or cloning Shared objects, the destination must be a device group within the access domain, not the Shared location.
- shared-only—Administrators can add objects only to the Shared location. Administrators can display, edit, and delete Shared objects but cannot move or clone them.
- Toggle the icons in the Device Groups tab
to enable read-write or read-only access for device groups in the
access domain.If you set the Shared Objects access to shared-only, Panorama applies read-only access to the objects in any device groups for which you specify read-write access.
- Select the Templates tab and Add each template you want to assign to the access domain.
- Select the Device Context tab, select firewalls to assign to the access domain, and click OK. Administrators can access the web interface of these firewalls by using the Context drop-down in Panorama.
Panorama > Access Domains
Panorama > Access Domains Access domains control the access that Device Group and Template administrators have to specific device groups (to manage policies and objects), ...
Create a Device Group Hierarchy
Create a Device Group Hierarchy Plan the Device Group Hierarchy . Decide the device group levels, and which firewalls and virtual systems you will assign ...
Panorama > Administrators
Panorama > Administrators Select Panorama Administrators to create and manage accounts for Panorama administrators. If you log in to Panorama as an administrator with a ...
Administrative Roles You configure administrator accounts based on the security requirements of your organization, any existing authentication services that your network uses, and the required ...
Manage Device Groups
Manage Device Groups Add a Device Group Create a Device Group Hierarchy Create Objects for Use in Shared or Device Group Policy Revert to Inherited ...
Manage Unused Shared Objects
Manage Unused Shared Objects When you push configuration changes Device Groups , by default Panorama pushes all shared objects to firewalls whether or not any ...
Use the Panorama Web Interface
Use the Panorama Web Interface The web interface on both Panorama and the firewall has the same look and feel. However, the Panorama web interface ...
Device Group Objects
Device Group Objects Objects are configuration elements that policy rules reference, for example: IP addresses, URL categories, security profiles, users, services, and applications. Rules of ...
Save Candidate Configurations
Save Candidate Configurations Select Config Save Changes at the top right of the firewall or Panorama web interface to save a new snapshot file of ...