Network technologies and trends

Oct 10 2015   10:14AM GMT

Palo Alto Networks firewalls Account Administration Roles -101 – Series 2

Yasir Irfan

Tags:
API
CLI
Firewalls
Palo Alto Networks
XML

A Palo Alto Networks firewall admin role has three parts, namely:

  • WebUI
  • XML API 
  • Command Line

The WebUI supports Enable, Read Only and Disable levels.

The XML API offers only Enable and Disable levels.

When it comes to the CLI, only predefined built-in roles are allowed; customization is not allowed in CLI mode.

Palo Alto Networks firewalls offer the following built-in roles:

  • none
  • superuser
  • superreader
  • deviceadmin
  • vsysadmin
  • vsysreader

Let's see what kind of privileges each role has on a Palo Alto Networks firewall:

  • none: has no access to the CLI mode of the Palo Alto Networks firewall.
  • superuser: is the root user of the Palo Alto Networks firewall. A superuser has full configuration access to the firewall, which also includes the ability to create user accounts and virtual systems. A superuser can also create another user with superuser rights.
  • superreader: has full read access to the firewall, but cannot make any configuration changes to the Palo Alto Networks firewall.
  • vsysadmin: has full configuration access to the selected virtual system on the Palo Alto Networks firewall.
  • vsysreader: has full read access to the selected virtual system on the firewall, and cannot make any configuration changes to the selected virtual system on the Palo Alto Networks firewall.
  • deviceadmin: has full configuration access to the selected device, except for creating user accounts and virtual systems on the Palo Alto Networks firewall.
  • devicereader: has full read access to the selected device, and, unlike deviceadmin, no configuration rights on the Palo Alto Networks firewall.

This is also a great feature from Palo Alto Networks: it ensures that user privileges can be assigned based on user roles and responsibilities. It also eases the firewall administrator's task, since he/she doesn't need to build a user profile from scratch.
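As an added example (not part of the original post or Palo Alto Networks code), the following script reviews which administrators hold which built-in role and what that role allows according to the list above. The XML element layout (`mgt-config/users/entry/permissions/role-based`) and all account names are assumptions used for a constructed sample, not values from a real device.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real device. The element layout
# (mgt-config/users/entry/permissions/role-based) is assumed for this example.
SAMPLE_CONFIG = """
<config>
  <mgt-config>
    <users>
      <entry name="admin">
        <permissions><role-based><superuser>yes</superuser></role-based></permissions>
      </entry>
      <entry name="noc-view">
        <permissions><role-based><superreader>yes</superreader></role-based></permissions>
      </entry>
      <entry name="fw-ops">
        <permissions><role-based><deviceadmin><entry name="localhost.localdomain"/></deviceadmin></role-based></permissions>
      </entry>
      <entry name="tenant-a">
        <permissions><role-based><vsysadmin><entry name="localhost.localdomain"><vsys><member>vsys1</member></vsys></entry></vsysadmin></role-based></permissions>
      </entry>
      <entry name="legacy"/>
    </users>
  </mgt-config>
</config>
"""

# role -> (can change configuration, can create user accounts), per the role list
ROLE_RIGHTS = {
    "superuser": (True, True), "superreader": (False, False),
    "deviceadmin": (True, False), "devicereader": (False, False),
    "vsysadmin": (True, False), "vsysreader": (False, False),
}

def audit_admins(xml_text):
    """Return one finding dict per administrator account in the config."""
    findings = []
    for user in ET.fromstring(xml_text).findall("./mgt-config/users/entry"):
        role_node = user.find("./permissions/role-based/*")
        role = role_node.tag if role_node is not None else "none"
        can_write, can_create = ROLE_RIGHTS.get(role, (False, False))
        vsys = [m.text for m in user.findall(".//vsys/member")]
        # Flag superusers and anything that is not a known built-in role for review.
        findings.append({"name": user.get("name"), "role": role, "vsys": vsys,
                         "can_configure": can_write, "can_create_accounts": can_create,
                         "review": role == "superuser" or role not in ROLE_RIGHTS})
    return findings

if __name__ == "__main__":
    print(*audit_admins(SAMPLE_CONFIG), sep="\n")
```

Accounts flagged with `review` are the ones to check first when confirming that each administrator has only the privileges their responsibilities require.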
