So I continue my journey to get this cert. I think I have procrastinated for too long, and I need to get back to learning all the ins and outs of the technology. Again, this certification is very heavy on configuration, HA concepts and maybe scattered between all their main Objectives. We are going to get working with Initial Configuration.
Admin Roles
Like any other appliance out there, you have the ability to create different Admin roles, each with different permissions based on the admin's job function.
** On the green checkmarks, you can decide what access will be provided for this admin role
Now we are going to move to create a User account and assign it to the
* Make sure you change the Administrator type from Dynamic to Role Based (this allows us to select the Role we created previously)
** Don’t forget to commit your changes!
Admin Role – Testing it
So from the Role creation we removed a few sections in the permissions:
Monitor
Network
Privacy
Device
So let's see how things look after we log in with our new account.
Our major configuration tabs are now different, and there are fewer of them than we had when logged in as Admin.
There are a few more differences as we examine deeper, but this one is the most noticeable change.
How to make it happen from the CLI
So at the CLI the story is a bit different and just a little more complicated than in the GUI. The reason I mention this is because I basically had to reverse engineer my way into creating the CLI instruction, or maybe I could not find a good document that explains what I want to do.
admin@firewall-a> configure
admin@firewall-a# set shared admin-role policy-test description Test_By_Andres role device web device
admin@firewall-a# set mgt-config users policy-admin permissions role-based custom profile policy-test
admin@firewall-a# commit
Let's see what this thing did when I go to the GUI.
The results are very funny and a bit expected. From what I can tell I only gave this role access to the Device, so the Device tab is the only thing that shows up there, but I’m missing a few other things that really will not be fun to configure over the CLI.
As you can tell, there are many things that need to be set up for the admin role, but for now it was a good exercise, and we were able to get our first experience with the PAN-OS CLI.
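A quick way to double-check what those two commands left behind, working from a set-format copy of the config. This is an added example, not part of the original walkthrough and not Palo Alto Networks code. The `admin` and `helpdesk` lines, the function name and the sample text are made up for illustration, and the `superuser yes` line is assumed to be how a Dynamic administrator shows up in set format.

```python
import shlex
from collections import defaultdict

# Constructed sample: the two commands from this post, plus a hypothetical
# Dynamic superuser and an account pointing at a role that was never created.
SAMPLE = """\
set shared admin-role policy-test description Test_By_Andres role device web device
set mgt-config users policy-admin permissions role-based custom profile policy-test
set mgt-config users admin permissions role-based superuser yes
set mgt-config users helpdesk permissions role-based custom profile missing-role
"""

def audit_admin_roles(set_lines):
    """Map admin users to role profiles and list accounts that need review."""
    roles = defaultdict(set)  # profile -> areas named after 'role <scope> <iface>'
    users = {}                # user -> ("custom", profile) or ("dynamic", role)
    for line in set_lines.splitlines():
        tok = shlex.split(line)
        if tok[:3] == ["set", "shared", "admin-role"] and len(tok) > 3:
            name = tok[3]
            roles[name]  # register the profile even if no area is listed
            if "role" in tok[4:]:
                i = tok.index("role", 4)
                # tok[i+1] = scope, tok[i+2] = interface, tok[i+3] = area
                if len(tok) > i + 3:
                    roles[name].add(tok[i + 3])
        elif tok[:3] == ["set", "mgt-config", "users"] and "role-based" in tok:
            user, rb = tok[3], tok[tok.index("role-based") + 1:]
            if rb[:2] == ["custom", "profile"] and len(rb) > 2:
                users[user] = ("custom", rb[2])
            elif rb:
                users[user] = ("dynamic", rb[0])
    findings = []
    for user, (kind, ref) in sorted(users.items()):
        if kind == "dynamic":
            findings.append(f"{user}: Dynamic role '{ref}', no custom admin role applied")
        elif ref not in roles:
            findings.append(f"{user}: profile '{ref}' is not defined")
    return users, {k: sorted(v) for k, v in roles.items()}, findings

if __name__ == "__main__":
    users, roles, findings = audit_admin_roles(SAMPLE)
    print(users, roles, *findings, sep="\n")
```

With the sample above, `policy-admin` comes back bound to `policy-test` with only the `device` area, while the other two accounts are listed for review.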
What is next
Configure Ethernet Interfaces (vWire, Layer 2, Layer 3, Virtual Router, Management Profiles for Interfaces)
About the Author:
Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 15 years of experience, Andres specializes in Unified Communications and Collaboration technologies. He has consulted for several companies in South Florida, as well as financial institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations of Cisco technologies such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.