>
    Configure a Firewall Administrator Account
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. Firewall Administration
    4. Manage Firewall Administrators
    5. Configure Administrative Accounts and Authentication
    6. Configure a Firewall Administrator Account
    Download PDF

    Configure a Firewall Administrator Account

    Table of Contents
    End-of-Life (EoL)

    Configure a Firewall Administrator Account

    Administrative accounts specify roles and authentication methods for firewall administrators. The service that you use to assign roles and perform authentication determines whether you add the accounts on the firewall, on an external server, or both (see Administrative Authentication). If the authentication method relies on a local firewall database or an external service, you must configure an authentication profile before adding an administrative account (see Configure Administrative Accounts and Authentication). If you already configured the authentication profile or you will use Local Authentication without a firewall database, perform the following steps to add an administrative account on the firewall.
    Create a separate administrative account for each person who needs access to the administrative or reporting functions of the firewall. This enables you to better protect the firewall from unauthorized configuration and enables logging of the actions of individual administrators.
    Make sure you are following the Best Practices for Securing Administrative Access to ensure that you are securing administrative access to your firewalls and other security devices in a way that prevents successful attacks.
    1. Select DeviceAdministrators and Add an account.
    2. Enter a user Name.
      If the firewall uses a local user database to authenticate the account, enter the name that you specified for the account in the database (see Add the user group to the local database.)
    3. Select an Authentication Profile or sequence if you configured either for the administrator.
      If the firewall uses Local Authentication without a local user database for the account, select None (default) and enter a Password.
    4. Select the Administrator Type.
      If you configured a custom role for the user, select Role Based and select the Admin Role Profile. Otherwise, select Dynamic (default) and select a dynamic role. If the dynamic role is virtual system administrator, add one or more virtual systems that the virtual system administrator is allowed to manage.
    5. (Optional) Select a Password Profile for administrators that the firewall authenticates locally without a local user database. For details, see Define a Password Profile.
    6. Click OK and Commit.

    © 2024 Palo Alto Networks, Inc. All rights reserved.