Palo Alto: Firewall Administrative Access Confirmation

This document provides IT admins with basic information about firewall configuration and use. It also answers the most common questions raised by support staff, especially that of access to the firewall and sources of additional information an individual may need. Some of the following references will require escalated permissions.

An in-depth article with a list of related topics can be found at: KB 76685


Firewall Administration:
  • Department firewall administrators manage the firewalls and control access rights to them. Many administrators group users in Manifest to facilitate management. Anyone needing access to the firewall should contact the firewall administrator for their network. This applies whether you need read-only access or access to make changes.
  • Panorama is the tool for managing a firewall remotely, regardless of its physical location. Access to Panorama is granted by the following three systems: groups, access rights, and login credentials. Panorama is a tool for managing a firewall remotely, regardless of its’ physical location. Manifest is used to manage groups and permissions, including firewall access. RADIUS is a Windows-based system for storing and securing login credentials.
    To verify a department has access to their firewall context "VSYS", a Panorama admin will need to verify the departmental Access Domain exists:
    • Navigation to Panorama: (as seen by Super-User or Panorama admin):

    • KB_Admin_Access_Domains.png

    • If an Access Domain does not exist, a Manifest group will need to be created following KB 76116, referenced above as "Manifest - Group Suggestions".
  • Anyone who does not know the name and contact information for their firewall or network administrator should contact the Manifest administrator if known. Otherwise, email manifest@doit.wisc.edu with your group name or department name, the access required, and the reason.
See Also:
  • KB 74094 (Internal Access Only, NetID login required).




Keywords:panorama paloalto firewall manifest administrator admin fw-read fw-admin vsys   Doc ID:100522
Owner:Vincent A.Group:Office of Cybersecurity
Created:2020-04-13 15:38 CDTUpdated:2020-04-20 13:14 CDT
Sites:Cybersecurity Operations Center, Office of Cybersecurity
Feedback:  0   0