Provide Granular Access to the Network Tab
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
End-of-Life (EoL)
Provide Granular Access to the Network Tab
When deciding whether to allow access to the
Network
tab
as a whole, determine whether the administrator will have network administration
responsibilities, including GlobalProtect administration. If not,
the administrator probably does not need access to the tab.You can also define access to the
Network
tab
at the node level. By enabling access to a specific node, you give
the administrator the privilege to view, add, and delete the corresponding
network configurations. Giving read-only access allows the administrator
to view the already-defined configuration, but not create or delete
any. Disabling a node prevents the administrator from seeing the
node in the web interface.Access Level | Description | Enable | Read Only | Disable |
---|---|---|---|---|
Interfaces | Specifies whether the administrator can
view, add, or delete interface configurations. | Yes | Yes | Yes |
Zones | Specifies whether the administrator can
view, add, or delete zones. | Yes | Yes | Yes |
VLANs | Specifies whether the administrator can
view, add, or delete VLANs. | Yes | Yes | Yes |
Virtual Wires | Specifies whether the administrator can
view, add, or delete virtual wires. | Yes | Yes | Yes |
Virtual Routers | Specifies whether the administrator can
view, add, modify or delete virtual routers. | Yes | Yes | Yes |
IPSec Tunnels | Specifies whether the administrator can
view, add, modify, or delete IPSec Tunnel configurations. | Yes | Yes | Yes |
GRE Tunnels | Specifies whether the administrator can
view, add, modify, or delete GRE Tunnel configurations. | Yes | Yes | Yes |
DHCP | Specifies whether the administrator can
view, add, modify, or delete DHCP server and DHCP relay configurations. | Yes | Yes | Yes |
DNS Proxy | Specifies whether the administrator can
view, add, modify, or delete DNS proxy configurations. | Yes | Yes | Yes |
GlobalProtect | Specifies whether the administrator can
view, add, modify GlobalProtect portal and gateway configurations.
You can disable access to the GlobalProtect functions entirely,
or you can enable the GlobalProtect privilege and then restrict
the role to either the portal or gateway configuration areas. | Yes | No | Yes |
Portals | Specifies whether the administrator can
view, add, modify, or delete GlobalProtect portal configurations. | Yes | Yes | Yes |
Gateways | Specifies whether the administrator can
view, add, modify, or delete GlobalProtect gateway configurations. | Yes | Yes | Yes |
MDM | Specifies whether the administrator can
view, add, modify, or delete GlobalProtect MDM server configurations. | Yes | Yes | Yes |
Device Block List | Specifies whether the administrator can
view, add, modify, or delete device block lists. | Yes | Yes | Yes |
Clientless Apps | Specifies whether the administrator can
view, add, modify, or delete GlobalProtect Clientless VPN applications. | Yes | Yes | Yes |
Clientless App Groups | Specifies whether the administrator can
view, add, modify, or delete GlobalProtect Clientless VPN application groups. | Yes | Yes | Yes |
QoS | Specifies whether the administrator can
view, add, modify, or delete QoS configurations. | Yes | Yes | Yes |
LLDP | Specifies whether the administrator can
view add, modify, or delete LLDP configurations. | Yes | Yes | Yes |
Network Profiles | Sets the default state to enable or disable
for all of the Network settings described below. | Yes | No | Yes |
GlobalProtect IPSec Crypto | Controls access to the Network Profiles GlobalProtect IPSec Crypto If
you disable this privilege, the administrator will not see that
node, or configure algorithms for authentication and encryption
in VPN tunnels between a GlobalProtect gateway and clients. If
you set the privilege to read-only, the administrator can view existing GlobalProtect
IPSec Crypto profiles but cannot add or edit them. | Yes | Yes | Yes |
IKE Gateways | Controls access to the Network Profiles IKE Gateways IKE
Gateways node or define gateways that include the configuration
information necessary to perform IKE protocol negotiation with peer gateway.If
the privilege state is set to read-only, you can view the currently configured
IKE Gateways but cannot add or edit gateways. | Yes | Yes | Yes |
IPSec Crypto | Controls access to the Network Profiles IPSec Crypto Network Profiles IPSec Crypto If
the privilege state is set to read-only, you can view the currently configured
IPSec Crypto configuration but cannot add or edit a configuration. | Yes | Yes | Yes |
IKE Crypto | Controls how devices exchange information
to ensure secure communication. Specify the protocols and algorithms
for identification, authentication, and encryption in VPN tunnels
based on IPsec SA negotiation (IKEv1 Phase-1). | Yes | Yes | Yes |
Monitor | Controls access to the Network Profiles Monitor Network Profiles Monitor If the privilege state is set to read-only, you
can view the currently configured monitor profile configuration
but cannot add or edit a configuration. | Yes | Yes | Yes |
Interface Mgmt | Controls access to the Network Profiles Interface Mgmt Network Profiles Interface Mgmt If
the privilege state is set to read-only, you can view the currently configured
Interface management profile configuration but cannot add or edit
a configuration. | Yes | Yes | Yes |
Zone Protection | Controls access to the Network Profiles Zone Protection Network Profiles Zone Protection If the
privilege state is set to read-only, you can view the currently configured
Zone Protection profile configuration but cannot add or edit a configuration. | Yes | Yes | Yes |
QoS Profile | Controls access to the Network Profiles QoS Network Profiles QoS If
the privilege state is set to read-only, you can view the currently configured
QoS profile configuration but cannot add or edit a configuration. | Yes | Yes | Yes |
LLDP Profile | Controls access to the Network Profiles LLDP Network Profiles LLDP If the
privilege state is set to read-only, you can view the currently configured
LLDP profile configuration but cannot add or edit a configuration. | Yes | Yes | Yes |
BFD Profile | Controls access to the Network Profiles BFD Profile Network Profiles BFD Profile If
the privilege state is set to read-only, you can view the currently configured
BFD profile but cannot add or edit a BFD profile. | Yes | Yes | Yes |
SD-WAN Interface Profile | Controls access to the SD-WAN Interface Profile SD-WAN Interface Profile If
the privilege state is set to read-only, you can view the currently configured
SD-WAN Interface Profile but cannot add or edit one. | Yes | Yes | Yes |