Is there a way to limit the number of logged in administrators?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is there a way to limit the number of logged in administrators?

L2 Linker

This came up as a question during a class and to my knowledge there is not a way to limit the number of logged in administrators, however the student asking presented a reasonable case;  In a service provider or large enterprise environment during a network event multiple administrators log into the firewall and begin looking at filtered logs.  Once more than about three get logged in the performance of the MP becomes significant enough to impede those administrators as they search for interesting log events.

My initial recommendation is to have the logs pointed at a log collection tool, and have the administrators use that tool for the filtered views.  Is that the only way to manage this type of load?

1 accepted solution

Accepted Solutions

L5 Sessionator

Hello gelgin,

As far as the firewall is concerned, the management plane would definitely take heavy toll if there are multiple administrators filtering traffic logs at the same time.  In order to cope up with Service providers and Enterprise level environments, we have a central managing system (virtualized or hardware based) called 'Panorama' where is specially dedicated for logging and reporting purposes. Its a central management system that manages several firewall together and can be ready in situations like yours.

More on Panorama:

Panorama Administrator's Guide 6.0 (English)

Panorama Design Planning

If Panorama is not an option, you can enable syslogging on the firewall and certainly leverage third party vendors like SPLUNK and SPICEWORKS.

Hope that helps!

Thanks and regards,

Kunal Adak

View solution in original post

3 REPLIES 3

L5 Sessionator

Hello gelgin,

As far as the firewall is concerned, the management plane would definitely take heavy toll if there are multiple administrators filtering traffic logs at the same time.  In order to cope up with Service providers and Enterprise level environments, we have a central managing system (virtualized or hardware based) called 'Panorama' where is specially dedicated for logging and reporting purposes. Its a central management system that manages several firewall together and can be ready in situations like yours.

More on Panorama:

Panorama Administrator's Guide 6.0 (English)

Panorama Design Planning

If Panorama is not an option, you can enable syslogging on the firewall and certainly leverage third party vendors like SPLUNK and SPICEWORKS.

Hope that helps!

Thanks and regards,

Kunal Adak

And thats what I thought... I pointed him in those directions as well... Maybe its worth a feature request for environments that may have operational constraints that demand the use of the firewall vs. an offline approach?

A maximum number of logged in users would be a good feature.  Let me know if you have a Feature Request number for this.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 1 accepted solution
  • 2898 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!