Palo Alto Networks: Configuring User Authentication
GlobalProtect users will be authenticated using the authentication method identified above. Users can authenticate using a local database, LDAP, RADIUS or Kerberos authentication server on Palo Alto Networks next-generation firewalls. For authentication purposes, we will use a local database.
Palo Alto Networks next-generation firewalls support the following authentication methods:
- Local
- LDAP
- RADIUS
- Kerberos
Local
To create a local user, navigate to Device > Local User Database > Users and click Add to add a new user.
Fig 1.1 - Local
RADIUS
Navigate to Device > Server Profiles. Specify the RADIUS server IP address, port and the shared secret.
Fig 1.2 - RADIUS
Kerberos
A Kerberos server profile has a realm (for hostname), a domain (NetBIOS style), FQDNs and an optional port that represent the KDC (Key Distribution Center) for the domain. The realm represents the hostname part of the account principal name.
Fig 1.3 - Kerberos
LDAP
Specify the IP address and the port number of the LDAP server, the domain name, the type of the server (Active Directory, eDirectory, Sun) and the base DN (the location in the LDAP hierarchy where the server must begin to search).
Fig 1.3 - LDAP
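How the base DN limits which accounts an LDAP lookup can find, as an added example (not from the original article or from Palo Alto Networks): a Python check of whether a user entry lies at or below a base DN. The DNs are constructed sample values, and case-insensitive attribute matching is an assumption.

```python
# Added example: which directory entries fall under a given base DN.
# All DNs here are constructed sample values, not from a real directory.

def normalize_rdn(rdn):
    """Trim and lower-case one RDN (assumes case-insensitive attributes)."""
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"

def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas (RFC 4514)."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends an RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    return [normalize_rdn(r) for r in rdns if r.strip()]

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is at or below base_dn (subtree search scope)."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    if len(base) > len(entry):
        return False
    # Compare whole RDN components from the right-hand (root) side.
    return entry[len(entry) - len(base):] == base

USERS = [
    "CN=Alice Doe,OU=VPN Users,DC=example,DC=com",
    "cn=Roe\\, Bob, ou=vpn users, dc=example, dc=com",
    "CN=Carol,OU=Contractors,DC=example,DC=com",
]

def users_in_scope(base_dn, users=USERS):
    """Entries a subtree search starting at base_dn could return."""
    return [u for u in users if in_subtree(u, base_dn)]

if __name__ == "__main__":
    for base in ("DC=example,DC=com", "OU=VPN Users,DC=example,DC=com"):
        print(base, "->", users_in_scope(base))
```

With the narrower base DN, the entry under OU=Contractors is outside the search and that account would not be found for authentication.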
The next article will cover other feature sets in Palo Alto Networks firewalls.