Which three user authentication services can be modified to provide the Palo Alto Networks NGFW with both usernames and role names? (Choose three.)
Which three user authentication services can be modified to provide the Palo Alto Networks NGFW with both usernames and role names? (Choose three.)
The user authentication services that can be modified to provide the Palo Alto Networks NGFW (Next-Generation Firewall) with both usernames and role names include TACACS+, SAML, and RADIUS. These services support administrative authentication and authorization by defining roles and access domains on external servers. The firewall maps the attributes, including roles, from these services to the administrator roles and access configurations on the device. Other authentication services like Kerberos, LDAP, and PAP require locally defined admin accounts on the firewall, which limits their ability to provide role information in the same capacity.
Correct: A,E,F The administrative accounts are DEFINED on an external SAML, TACACS+, or RADIUS server. The server performs both authentication and authorization. For authorization, you define Vendor-Specific Attributes (VSAs) on the TACACS+ or RADIUS server, or SAML attributes on the SAML server. PAN-OS maps the attributes to administrator roles, access domains, user groups, and virtual systems that you define on the firewall. Kerberos, LDAP, and PAP required the admin account to be locally defined on the firewall. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication.html
Correct: A, E, F https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication#
A,E,F https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication
A E F https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication Only AEF can map roles from external auth services. Other requires to manage roles locally on the firewall.
AEF Central management of account authorization (role and access domain assignments). SAML, TACACS+, and RADIUS support this option for administrators. more info https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/authentication/authentication-types/external-authentication-services.html
Correct ans = AEF
A, E and F correct
you can use LDAP too
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication