
Admins and Role-Based Access Control – PCNSA

source link: https://rowelldionicio.com/admins-role-based-access-control-pcnsa/


January 11, 2022 By Rowell

This is published as part of a series on obtaining the PCNSA certification.

Firewall administrators are defined via Panorama (central management) or locally on the firewall. But not everyone should have carte blanche access.

Role-based access control can limit the type of changes a firewall administrator can perform.


Authentication Methods

The most common method is to define an administrator using local authentication.

To add a firewall administrative account, navigate to Device > Administrators and click on Add.

Firewall Administrators

Specify a name and password for the account.

There are a few optional items such as the Authentication Profile and the Administrator Type, either Dynamic or Role Based.

Defining an administrator

An Authentication Profile is used with other authentication services.

The Administrator Type specifies a role. The Dynamic type provides the following built-in roles:

| Dynamic Role | Privileges |
| --- | --- |
| Superuser | Full access to the firewall |
| Superuser (read-only) | Read-only access |
| Device Administrator | Full access to the firewall except creating new accounts and virtual systems |
| Device Administrator (read-only) | Read-only access to all firewall settings except password profiles and administrator accounts |

Role Based includes custom roles that you configure, which gives you more granular control over specific settings. Custom roles are configured under Device > Admin Roles.

Admin Roles

For example, I can create an Admin Role called analyst which will have access to the Monitor Logs only.
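An added example, not from the original article: a Python audit that reads an exported firewall configuration and lists each administrator's role, marking for review the accounts that hold a full-access dynamic role rather than a read-only role or a custom Admin Role such as analyst. The XML element names (superuser, superreader, deviceadmin, devicereader, custom/profile) and the sample accounts are assumptions in a constructed sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not from a real firewall. The element layout is an
# assumption about the exported configuration; check it against your own export.
def _user(name, role_xml):
    return (f'<entry name="{name}"><permissions><role-based>{role_xml}'
            '</role-based></permissions></entry>')

SAMPLE_CONFIG = "<config><mgt-config><users>" + "".join([
    _user("admin", "<superuser>yes</superuser>"),
    _user("netops", "<deviceadmin>yes</deviceadmin>"),
    _user("auditor", "<superreader>yes</superreader>"),
    _user("soc1", "<custom><profile>analyst</profile></custom>"),
]) + "</users></mgt-config></config>"

# Dynamic roles from the article's table: tag -> (label, has full access).
DYNAMIC_ROLES = {
    "superuser": ("Superuser", True),
    "superreader": ("Superuser (read-only)", False),
    "deviceadmin": ("Device Administrator", True),
    "devicereader": ("Device Administrator (read-only)", False),
}

def audit_admins(config_xml):
    """Return [(account, role, review)]; review=True means full access or unknown."""
    findings = []
    for entry in ET.fromstring(config_xml).findall("./mgt-config/users/entry"):
        role = entry.find("./permissions/role-based")
        profile = role.findtext("./custom/profile") if role is not None else None
        tags = [child.tag for child in role] if role is not None else []
        match = next((t for t in tags if t in DYNAMIC_ROLES), None)
        if profile:
            # Custom Admin Role: scope is set by the profile under Admin Roles.
            findings.append((entry.get("name"), f"custom:{profile}", False))
        elif match:
            findings.append((entry.get("name"), *DYNAMIC_ROLES[match]))
        else:
            # No recognizable role element: surface it for manual review.
            findings.append((entry.get("name"), "unknown", True))
    return findings

if __name__ == "__main__":
    for account, role, review in audit_admins(SAMPLE_CONFIG):
        print(f"{account:10} {role:35} {'REVIEW' if review else 'ok'}")
```

An account marked REVIEW is a prompt to check whether a read-only dynamic role or a custom Admin Role would cover what that administrator actually does.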

