Palo Alto Networks firewalls offer multiple methods for administrators to access and manage devices securely. Understanding these access methods is crucial for maintaining the security and integrity of your network infrastructure.
The web interface provides a graphical user interface (GUI) for configuring and monitoring the firewall. Access is secured using HTTPS, and administrators can authenticate using various methods, including username/password, client certificates, or multi-factor authentication (MFA).
The CLI allows administrators to configure and monitor the firewall using text-based commands. Access is typically secured using SSH, and authentication can be performed using username/password or SSH keys.
The PAN-OS API enables programmatic access to the firewall for automation and integration purposes. Administrators can use the API to configure settings, retrieve information, and manage the device remotely. Authentication is performed using API keys or administrator credentials.
Palo Alto Networks firewalls provide dedicated management interfaces for administrative access:
Access domains allow administrators to have access only to specific virtual systems (vsys) on the firewall. This feature is particularly useful in multi-tenant environments where administrators should be restricted to managing only their assigned vsys.