A Configuration Change from the Panorama, Using a Context Change, Creates a Correct Audit Trail

Created On 09/25/18 17:46 PM - Last Modified 02/07/19 23:56 PM


Resolution


Summary

When a firewall is added to a Panorama for management, administrative users can connect to the firewall by changing the context on the Panorama.

From there, all changes can be made the same way as when the user is connected locally to the firewall.

A common concern is that when a change is made from the Panorama via the context change, the user who makes the change will not create an audit trail and the change cannot be tracked.

On Palo Alto devices, there is always a correct audit trail, and this is true even in scenarios where the changes are "proxied" via the Panorama.

If a user changes the configuration in a firewall context from the Panorama, the user logged in to the Panorama is shown as the user who made the change.

Details

  1. Log in with a user other than an admin user on the Panorama.
  2. Make sure that the user has rights to make changes to the given firewall.
  3. Verify the user has rights to make changes to the given firewall. In this case, the user is called "emea" and is a RADIUS user.
  4. Change the context to point to the firewall where the change is needed.
  5. Make a change on the firewall.
  6. Navigate to Config Audit on the firewall itself and verify that the change is properly done and the user who made it is properly identified as the "emea" user.

owner: ialeksov


