Palo Alto Networks: Configuring User Authentication

GlobalProtect users are authenticated using the authentication method identified above. On Palo Alto Networks next-generation firewalls, users can authenticate against a local database or against an LDAP, RADIUS or Kerberos authentication server. For authentication purposes, we will use a local database.

Palo Alto Networks next-generation firewalls support the following authentication methods:

  • Local
  • LDAP
  • RADIUS
  • Kerberos

To create a local user, navigate to Device > Local User Database > Users and click Add to add a new user.

Fig 1.1- Local 

Navigate to Device > Server Profiles and specify the RADIUS server IP address, port and the shared secret.

Fig 1.2- RADIUS 

A Kerberos server profile has a realm (for hostname), a domain (NetBIOS style), and FQDNs with an optional port that represent the KDC (Key Distribution Center) for the domain. The realm represents the hostname part of the account principal name.

Fig 1.3- Kerberos

Specify the IP address and the port number of the LDAP server, domain name, type of the server (active directory, e-directory, sun) and the base DN (the location in the LDAP hierarchy where the server must begin to search).

Fig 1.3- LDAP

The next article will cover other feature sets in Palo Alto Networks.