Can you configure Radius/TACACS+/LDAP authentication to access a dedicated log collector?

Created On 05/17/20 11:36 AM - Last Modified 03/24/23 18:46 PM


Question


Can you configure Radius/TACACS+/LDAP authentication to access a dedicated log collector? 

Environment


  • PAN-OS 8.1, 9.0 and 9.1
  • Panorama is configured in logger mode (Dedicated Log Collector)


Answer


  1. A Dedicated Log Collector does not support external authentication.
  2. External authentication methods such as LDAP, RADIUS and TACACS+ are not supported on PAN-OS 9.1 and below.
    1. TACACS+ is supported on PAN-OS 10.0 and above.
  3. The only authentication method supported is local authentication. Note that only the default "admin" user is supported.


Additional Information


TACACS+ is supported on PAN-OS 10.0 and above.

Panorama Features PAN-OS 10.0

Enhanced Authentication for Dedicated Log Collectors and WildFire Appliances

Dedicated Log Collectors and WildFire appliances now support multiple local admins with granular authentication parameters, as well as remote authentication and authorization leveraging LDAP, RADIUS, or TACACS+ to enable central user management and ensure audit compliance. You can create and manage Log Collector and WildFire admins from the Panorama management server.

