Add Firewall Accounts
Palo Alto Networks firewall comes preconfigured with a default administrative account (admin), which provides full read-write access (also known as superuser access) to the firewall.
1-Create Admin Role Profiles
The way you configure administrator accounts depends on the security requirements within your organization,
Since we are in a lab environment, I will show you how to create a local administrator account with local authentication.
Please look at PaloAlto web site for more information regarding “Administrative Roles” and “Administrative Authentication”
Select Device > Admin Roles and then click Add.
Enter a Name for the profile and on the Web UI and/or XML API tabs, set the access levels
On the Command Line tab, specify the type of access to allow to the CLI: superreader, deviceadmin, or devicereader
Then click OK to save the role.
2-Create account for each administrator
Select Device > Administrators and then click Add.
- Enter a user Name and Password for the administrator.
- Select the Role to assign to this administrator. You can either select one of the predefined “Dynamic roles” or “Role based” (a custom Role)
Click OK to save the account.
Note: in a separate post I will go through “Password Profile” creating steps.
Click Commit to commit your changes.