Why is the firewall displaying "__telemetryuser" as one of the admin user when it is not configured?

Why is the firewall displaying "__telemetryuser" as one of the admin user when it is not configured?

3023
Created On 11/07/25 10:03 AM - Last Modified 02/26/26 22:33 PM


Question


Why is the user named "__telemetryuser" displayed when running "show admin local all" command and in "Administrators"?

Environment


  • Next-Gen Firewalls
  • Panorama
  • Telemetry

Answer


  1. The user "__telemetryuser" with "Device Administrator" role is added when Telemetry is enabled on the firewall. 

  2. Purpose: This account is used internally by the firewall to collect and transmit operational and statistics data (telemetry) to Palo Alto Networks Cloud Services, such as the Customer Support Portal (CSP), for analysis and to enhance threat intelligence, AIOps, and other services.

  3. Functionality: Device Telemetry is an important feature that securely uploads data about the firewall's health, performance, and feature usage. This data is anonymized and helps Palo Alto Networks improve their products and services.

  4. Configuration: Telemetry can be enabled or disabled under Device > Setup > Management > Device Telemetry. When enabled, the __telemetryuser facilitates the automated, secure transfer of this data.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000fyZnKAI&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail