Palo Alto: Firewall Administrative Access Confirmation
This document provides IT admins with basic information about firewall configuration and use. It also answers the most common questions raised by support staff, especially that of access to the firewall and sources of additional information an individual may need. Some of the following references will require escalated permissions.
An in-depth article with a list of related topics can be found at: KB 76685
- Department firewall administrators manage the firewalls and control access rights to them. Many administrators group users in Manifest to facilitate management. Anyone needing access to the firewall should contact the firewall administrator for their network. This applies whether you need read-only access or access to make changes.
- Administrators: use https://manifest.services.wisc.edu/ to add or remove firewall permissions as needed. The following KB articles provide additional information:
- Panorama is the tool for managing a firewall remotely, regardless of its physical location. Access to Panorama is granted by the following three systems: groups, access rights, and login credentials. Panorama is a tool for managing a firewall remotely, regardless of its’ physical location. Manifest is used to manage groups and permissions, including firewall access. RADIUS is a Windows-based system for storing and securing login credentials.
To verify a department has access to their firewall context "VSYS", a Panorama admin will need to verify the departmental Access Domain exists:
- Navigation to Panorama: (as seen by Super-User or Panorama admin):
- If an Access Domain does not exist, a Manifest group will need to be created following KB 76116, referenced above as "Manifest - Group Suggestions".
- Anyone who does not know the name and contact information for their firewall or network administrator should contact the Manifest administrator if known. Otherwise, email firstname.lastname@example.org with your group name or department name, the access required, and the reason.
- KB 74094 (Internal Access Only, NetID login required).