Configure Authorization, Authentication, and Device Access

1. Role-Based Access Control (RBAC)

Palo Alto Networks firewalls support granular Role-Based Access Control (RBAC) through Admin Role Profiles that define permissions per function and area of the firewall (e.g., policy, objects, network).

Go to Device > Admin Roles
Create a new Admin Role Profile
Select read/write/none access for each functional area
Assign this role to administrators under Device > Administrators

This ensures users only have access to what their role requires, enhancing security and management efficiency.

For more details, refer to the official documentation on Configuring an Admin Role Profile .

2. Administrator Authentication

You can authenticate administrators using:

Local database
External authentication servers:
- LDAP
- RADIUS
- TACACS+
- Kerberos
- SAML

Create an Authentication Profile under Device > Authentication Profile and attach it to the administrator account.

For more information, see the guide on Administrative Authentication .

3. Authentication Sequence

Authentication Sequences define the order of multiple authentication sources. For example, try LDAP first, fallback to local.

Configure under Device > Authentication Sequence
Useful for redundancy and hybrid environments

Refer to the documentation on Configuring an Authentication Profile and Sequence for detailed steps.

4. Device Admin Account Configuration

To configure admin accounts:

Go to Device > Administrators
Create an admin entry
Assign either a role-based profile or superuser rights
Attach the Authentication Profile

Detailed instructions are available in the guide on Configuring Administrative Accounts and Authentication .

5. Tracking Administrator Activity

Use Command Logging and Configuration Audit to track admin activities.

Monitor > Logs > System – View login/logout
Monitor > Logs > Configuration – Track who changed what
Device > Setup > Management > Logging and Reporting Settings – Customize logging behavior

For more information, refer to the documentation on Viewing Logs and Audit Trails .

6. Secure Device Access

To secure device access:

Use only HTTPS, SSH for management
Create Management Profiles to restrict which services are allowed per interface
Use Permitted IP Addresses to limit administrative access sources
Disable HTTP and Telnet

Navigate to Network > Network Profiles > Interface Mgmt to create and apply profiles.

For detailed steps, see the guide on Configuring Administrative Access to the Firewall .

7. Isolate the Management Network

To enhance security, it's crucial to isolate the management network:

Use a dedicated management network accessible only to authorized administrators and services.
Implement a bastion host or jump server to control and monitor access to the management network.
Restrict management interface access to specific IP addresses or subnets.
Apply security policies to inspect and control traffic destined for the management interfaces.

For detailed guidance, refer to the Deploy Administrative Access Best Practices .

8. Implement Multi-Factor Authentication (MFA)

Enhance administrator authentication by implementing MFA:

Configure MFA using external authentication services like RADIUS, LDAP, or SAML.
Ensure that all administrative accounts require MFA for access.
Regularly review and update MFA configurations to align with security policies.

For more information, see the guide on Administrative Authentication .

9. Regularly Update and Patch Systems

Maintain the security and stability of your firewalls by:

Regularly checking for and applying PAN-OS updates and patches.
Subscribing to Palo Alto Networks security advisories to stay informed about vulnerabilities.
Testing updates in a controlled environment before deploying to production systems.

Refer to the Manage Software and Content Updates guide for detailed instructions.

10. Monitor and Audit Administrative Activities

Implement monitoring and auditing to track administrative actions:

Enable detailed logging for all administrative activities.
Regularly review logs to detect unauthorized or suspicious actions.
Integrate logs with a Security Information and Event Management (SIEM) system for centralized analysis.

For comprehensive monitoring strategies, consult the View Logs and Audit Trails documentation.