Thanks for reply. I see several local accounts with superuser rights on our PA3020 (HA pair). From what I can tell, these are ‘local’ accounts, but use LDAP to authenticate when used to login to the PA (WebUI, SSH or XML API). I’m the IT Auditor, not the IT Firewall administrator, so I only have “superreader” privileges and have to enter my AD credentials to login into the webGUI. I am simply trying to understand why the generic ‘admin’ account is there. If password is only known/used by one person, then any accountability for its use would be known and understood. Looking to find out what is possible and what others are doing with regard to securing administrative access to their Palo Alto’s. Let's say we delete the local 'admin' account and our AD server goes down. Then I understand NO ONE would be able to login to administer the FW and edit the setup to point it to a new AD server (of course we would have much bigger issues on our hands as well). And no one would be able to access our network resources thru the PA based on User-ID based policies tied to AD user groups (again... a big problem). I'll have to check and see if our 3rd party support provider may be using this account. As to the second part of my question about the existance of an account called: panorama. Your response suggests that it's existance implies our PA is setup and feeding data to Panorama or was at one point in time. It wasn't my understanding we are were using Panorama at our company, to it may be a legacy account. Is it possible to to remove/delete this non-human account? Anything else to add, let me know... Thanks, Joe
... View more