Focus

Configure Kerberos Server Authentication

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Configure Kerberos Single Sign-On

Configure TACACS+ Authentication

Configure Kerberos Server Authentication

You can use Kerberos to natively authenticate end users and firewall or Panorama administrators to an Active Directory domain controller or a Kerberos V5-compliant authentication server. This authentication method is interactive, requiring users to enter usernames and passwords.

To use a Kerberos server for authentication, the server must be accessible over an IPv4 address. IPv6 addresses are not supported.

Add a Kerberos server profile.
The profile defines how the firewall connects to the Kerberos server.
1. Select DeviceServer ProfilesKerberos or PanoramaServer ProfilesKerberos on Panorama™ and Add a server profile.
2. Enter a Profile Name to identify the server profile.
3. Add each server and specify a Name (to identify the server), IPv4 address or FQDN of the Kerberos Server, and optional Port number for communication with the server (default 88).
  
  If you use an FQDN address object to identify the server and you subsequently change the address, you must commit the change in order for the new server address to take effect.
4. Click OK to save your changes to the profile.
Assign the server profile to an Configure an Authentication Profile and Sequence.
The authentication profile defines authentication settings that are common to a set of users.
Assign the authentication profile to the firewall application that requires authentication.
- Administrative access to the web interface—Configure a Firewall Administrator Account and assign the authentication profile you configured.
- End user access to services and applications—Assign the authentication profile you configured to an authentication enforcement object and assign the object to Authentication policy rules. For the full procedure to configure authentication for end users, see Configure Authentication Policy.
Verify that the firewall can Test Authentication Server Connectivity to authenticate users.

Configure Kerberos Single Sign-On

Configure TACACS+ Authentication

Next-Generation Firewall Docs

Configure Kerberos Server Authentication

Next-Generation Firewall Docs

Configure Kerberos Server Authentication

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner