Hardware reference guide

GlobalProtect Administrator’s Guide
Set Up the GlobalProtect Mobile Security Manager
Set Up Administrative Access to the Mobile Security Manager
By default, the GlobalProtect Mobile Security Manager comes preconfigured with a default administrative
account (admin), which provides full read-write access (also known as superuser access) to the appliance. As a
best practice, you should create a separate administrative account for each person who needs access to the
administrative or reporting functions of the appliance. This prevents unauthorized configuration (or
modification) and enables logging of the actions of each individual administrator.
There are two steps to setting up administrative access:
Set Up Administrative Authentication
Create an Administrative Account
Set Up Administrative Authentication
There are three ways to authenticate administrative users:
Local administrator account with local authentication—Both the administrator account credentials and
the authentication mechanisms are local to the appliance. You can further secure the local administrator
account by creating a password profile that defines a validity period for passwords and by setting device-wide
password complexity settings. With this type of account you do not need to perform any configuration tasks
before creating the administrative account. Continue to Create an Administrative Account.
Local administrator account with external authentication—The administrator accounts are managed
on the local firewall, but the authentication functions are offloaded to an existing LDAP, Kerberos, or
RADIUS service. To configure this type of account, you must first create an authentication profile that
defines how to access the external authentication service and then create an account for each administrator
that references the profile. See Create an Authentication Profile for instructions on setting up access to
external authentication services.
Local administrator account with certificate-based authentication—With this option, you create the
administrator accounts on the appliance, but authentication is based on SSH certificates (for CLI access) or
client certificates/common access cards (for the web interface). See Enable Certificate-Based Authentication
for the Web Interface and/or Enable SSH Certificate-Based Authentication for the Command Line
Interface for instructions.
Create an Authentication Profile
An authentication profile specifies the authentication service that validates the administrator’s credentials and
defines how to access that authentication service. You must create a server profile first so that the Mobile
Security Manager can access a RADIUS, Kerberos, or LDAP authentication server.