A Configuration Change from the Panorama, Using a Context Change, Creates a Correct Audit Trail
Resolution
Summary
When a firewall is added to Panorama for management, administrative users can connect to the firewall by changing the context on Panorama.
From there, all changes can be made the same way as when the user is connected locally to the firewall.
A common concern is that when a change is made from Panorama via the context change, the user who makes the change will not create an audit trail and the change cannot be tracked.
On Palo Alto devices, there is always a correct audit trail, and this is true even in scenarios where the changes are "proxied" via Panorama.
If a user changes the configuration of a firewall through the firewall context on Panorama, the user logged in to Panorama is shown as the user who made the change.
Details
- Log in to Panorama with a user other than an admin user.
- Verify that the user has rights to make changes to the given firewall. In this case, the user is called "emea" and is a RADIUS user.
- Change the context to point to the firewall where the change is needed.
- Make a change on the firewall.
- Navigate to Config Audit on the firewall itself and verify that the change was made correctly and that the user who made it is correctly identified as the "emea" user.
owner: ialeksov