Scribd
Upload
46 views4 pages

Configure An Admin Role Profile For Selective Push To Managed Firewalls

The document provides a guide for configuring an admin role profile in Panorama to enable selective pushes of configuration changes to managed firewalls, enhancing control and reducing risks of incomplete configurations. It outlines steps for creating and modifying admin roles, including privileges for pushing changes made by other administrators. The guide emphasizes the importance of committing changes and context switching between Panorama and managed firewalls.

Uploaded by

bibist
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
46 views4 pages

Configure An Admin Role Profile For Selective Push To Managed Firewalls

The document provides a guide for configuring an admin role profile in Panorama to enable selective pushes of configuration changes to managed firewalls, enhancing control and reducing risks of incomplete configurations. It outlines steps for creating and modifying admin roles, including privileges for pushing changes made by other administrators. The guide emphasizes the importance of committing changes and context switching between Panorama and managed firewalls.

Uploaded by

bibist
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

(/content/techdocs/en_US.

html)

Updated on Thu Oct 03 16:39:51 UTC 2024

Home (/) | Panorama (/content/techdocs/en_US/panorama.html)


| Panorama Administrator's Guide (/content/techdocs/en_US/panorama/11-0/panorama-admin.html)
| Set Up Panorama (/content/techdocs/en_US/panorama/11-0/panorama-admin/set-up-panorama.html)
| Set Up Administrative Access to Panorama (/content/techdocs/en_US/panorama/11-0/panorama-admin/set-up-panorama/set-up-
administrative-access-to-panorama.html)
| Configure an Admin Role Profile for Selective Push to Managed Firewalls (/content/techdocs/en_US/panorama/11-0/panorama-
admin/set-up-panorama/set-up-administrative-access-to-panorama/configure-an-admin-role-profile-for-selective-push-to-managed-
firewalls.html)

DOWNLOAD PDF (/CONTENT/DAM/TECHDOCS/EN_US/PDF/PANORAMA/11-0/PANORAMA-ADMIN/PANORAMA-


ADMIN.PDF)

Panorama Administrator's Guide


(/content/techdocs/en_US/panorama/11-
0/panorama-admin.html)
Configure an Admin Role Profile for Selective Push to Managed Firewalls

Table of Contents

End-of-Life (EoL)

To allow for greater control of configuration changes of managed firewalls, create an admin role profile to enable a Panorama
administrator to push configuration for one or more Panorama administrators from the Panorama™ management server to
managed firewalls. After you commit selective configuration changes to Panorama (/content/techdocs/en_US/panorama/11-
0/panorama-admin/administer-panorama/commit-selective-configuration-changes-for-managed-devices.html), you can
select specific Panorama admin changes (/content/techdocs/en_US/panorama/11-0/panorama-admin/administer-
panorama/push-selective-configuration-changes-to-managed-devices.html) to review the configuration changes and then
push only those changes made by the selected admins to your managed firewalls. Leveraging selective pushes to managed
firewalls also reduces the risk of pushing incomplete device group and template configurations to managed firewalls by
allowing you to explicitly exclude incomplete configuration changes when you push to managed firewalls. This helps mitigate
and avoid potential outages and configuration related issues that could cause network disruptions,.

Administrators with Superuser or Panorama admin role privileges can push and review object level changes of other
administrators by default. However, you can modify the Panorama administrator admin roles to modify the object level
configuration privileges as needed.

STEP 1 -
Log in to the Panorama Web Interface (/content/techdocs/en_US/panorama/11-0/panorama-admin/set-up-
panorama/access-and-navigate-panorama-management-interfaces/log-in-to-the-panorama-web-
interface.html#id60bb9ed6-4859-441a-8c86-f2a81f2cb38e).

STEP 2 -
This site uses( cookies
Optionalessential to its
) Select operation,
Device for analytics,
> Admin Roles andand select
for personalized contentinand
the Template ads.to
which Byconfigure a firewall admin role
continuing toprofile
browse(https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/firewall-administration/manage-
this site, you acknowledge the use of cookies. Privacy statement ❯ Cookie Settings
(https://www.paloaltonetworks.com/legal-notices/privacy)
firewall-administrators/configure-an-admin-role-profile.html).
You must create an Admin Role profile on the firewall and assign it to the Panorama management server Admin
Role profile to allow administrators to context switch (/content/techdocs/en_US/panorama/11-0/panorama-
admin/panorama-overview/centralized-firewall-configuration-and-update-management/context-
switchfirewall-or-panorama.html#id44fd7efe-a4b1-4e9e-8ec9-9bafb2c3fa63) between Panorama and
managed firewall web interfaces.

STEP 3 -
Select Panorama > Admin Roles and Add a new admin role.

STEP 4 -
Enter a descriptive Name for the admin role.

STEP 5 -
Select the Panorama admin role.

STEP 6 -
Select Web UI and navigate to the Commit privileges.

STEP 7 -
Configure the object level configuration privileges as needed.

All object level configuration privileges are enabled by default.

The default Superuser or Panorama admin role privileges support full object level configuration privileges.

Push All Changes—Allow the administrator to push all changes made by all admins.

Push For Other Admins—Allows the administrator select and push configuration changes made by other
administrators.

Object Level Changes—Allows the administrator to view individual configuration objects to push. If
disabled, the list of configuration objects is not displayed in the Push Scope.

This site uses cookies essential to its operation, for analytics, and for personalized content and ads. By
continuing to browse this site, you acknowledge the use of cookies. Privacy statement ❯
(https://www.paloaltonetworks.com/legal-notices/privacy)
STEP 8 -
( Optional ) To allow Panorama administrators to Context Switch between the Panorama and firewall web
interface, enter the name of Device Admin Role you configured in Step 1.

STEP 9 -
Click OK.

STEP 10 -
Configure a custom Panorama administrator (/content/techdocs/en_US/panorama/11-0/panorama-admin/set-
up-panorama/set-up-administrative-access-to-panorama/configure-administrative-accounts-and-
authentication/configure-a-panorama-administrator-account.html#id23798e8c-637f-4e7c-8ff8-
f1f61a88d6ce) and select the Admin Role you created.

STEP 11 -
Commit and Commit to Panorama.

Was this information helpful?

Yes No

Previous (/content/techdocs/en_US/panorama/11- Next


(/content/techdocs/en_US/panorama/11-
Configure
This site 0/panorama-admin/set-up-panorama/set-up-
uses cookies Configure content and ads. By
essential to its operation, for analytics, and for personalized 0/panorama-admin/set-up-panorama/set-up-
administrative-access-to-
an Admin
continuing an
to browse this site, you acknowledge the use of cookies. Privacy ❯
statement administrative-access-to-
panorama/configure-an-admin-role-
(https://www.paloaltonetworks.com/legal-notices/privacy) panorama/configure-an-access-domain.html)
profile.html)
Role Access
Profile Domain

Technical Documentation Co

Release Notes (/content/techdocs/en_US/release-notes.html) Abo


Search (/content/techdocs/en_US/search.html) Care
Blog (https://www.paloaltonetworks.com/blog/category/technical- Cus
documentation/) LIVE
Compatibility Matrix (/content/techdocs/en_US/compatibility- Kno
matrix.html)
OSS Listings (/content/techdocs/en_US/oss-listings.html)
Sitemap (/content/techdocs/en_US/sitemap.html)

(https://www.facebook.com/PaloAltoNetworks) (https://w
(https://www.youtube.com/channel/UCPRouchFt58TZnjoI65aelA)

(/content/techdocs/en_US.html) © 2025 Palo Alto Ne

This site uses cookies essential to its operation, for analytics, and for personalized content and ads. By
continuing to browse this site, you acknowledge the use of cookies. Privacy statement ❯
(https://www.paloaltonetworks.com/legal-notices/privacy)

You might also like