\nklikamy add<\/p>\n
Dictionary Name<\/strong>: PaloAlto – nasza nazwa klikamy submit<\/strong><\/p>\n przechodzimy do nowo utworzonego profilu po czym przechodzimy do Dictionary Attributes.<\/strong>\u00a0Klikamy add Attribute Name<\/strong>: PaloAlto-Admin-Role Wybieramy grup\u0119 AD, w \u00a0kt\u00f3rej b\u0119d\u0105 u\u017cytkownicy mog\u0105cy\u00a0zalogowa\u0107 si\u0119 na Palo<\/p>\n Przechodzimy do Administration<\/strong> –> Indetity Management<\/strong> –> External Identity Soures,<\/strong> wybieramy Active Direcory<\/strong>\u00a0oraz nasz punkt spi\u0119cia z naszym AD. Tam wybieramy Groups,\u00a0<\/strong>dodajemy Add z menu Select Dictionary Groups<\/strong>\u00a0po czym otworzy si\u0119 okno, w kt\u00f3rym mo\u017cemy wyszuka\u0107 nasz\u0105 grup\u0119 dodaj\u0105c j\u0105 do ISE.<\/p>\n Tworzymy profil dozwolonych protoko\u0142\u00f3w komunikacji PALO ISE, przechodzimy do Policy<\/strong> –> Policy Elements<\/strong> –> Results<\/strong> –> Authentication<\/strong> –> Allowed Protocols,<\/strong> klikamy Add<\/p>\n Tworzymy profil autoryzacyjny, przechodzimy do Policy<\/strong> –> Policy Elements<\/strong> –> Results<\/strong> –> Authorization<\/strong> –> Authoriztion Profiles,<\/strong> kliamy Add<\/p>\n W polu Attributes Details<\/strong> mamy taki wynik:<\/p>\n przechodzimy do utworzenia regu\u0142y autoryzacyjnej, gdzie idziemy do Polcy<\/strong> –> Authorization<\/strong><\/p>\n dodajemy now\u0105 rul\u0119\u00a0gdzie: <\/p>\n Prszyszed\u0142 czas na konfiguracj\u0119\u00a0naszego Palo. Po zalogowaniu si\u0119 przechodzimy do Device<\/strong> –> Server Profiles<\/strong> –> Radius,<\/strong> dodajemy nowy profil z ISE<\/p>\n gdzie:<\/p>\n Profil Name<\/strong>: nasz profil Radiusa<\/p>\n w polu servers<\/strong> dodajemy nasze serwery radiusa (w mym przypadku jest to jeden serwer)<\/p>\n Name:\u00a0<\/strong>nasza nazwa rozpoznawcza<\/p>\n RADIUS Server<\/strong>: adres IP lub FQDN naszego radiusa<\/p>\n Secret<\/strong>: nasze ustawione has\u0142o<\/p>\n Port<\/strong>: Standardowo 1812<\/p>\n CLI<\/p>\n Tworzymy profil Admin Roles – dzi\u0119ki temu profilowi mo\u017cliwe b\u0119dzie zalogowanie si\u0119 u\u017cytkownika z odpowiednimi uprawnieniami.<\/p>\n W tym miejscu wa\u017cne jest aby nazwa profilu by\u0142a taka sama jak zdefiniowali\u015bmy j\u0105 na serwerze ISE admin-radius<\/strong><\/p>\n Cli<\/p>\n Tworzymy profil dla Authentication Profile,<\/strong> gdzie b\u0119dziemy wykorzystywa\u0107 nasz profil dla ISE:<\/p>\n Cli<\/p>\n Po wykonaniu commitu pr\u00f3bujemy zalogowa\u0107 si\u0119 do urz\u0105dzenia po ssh<\/p>\n w logach PA widzimy:<\/p>\n Web<\/p>\n wyszukujemy po:<\/p>\n lub jak ni\u017cej na screenie:<\/p>\n Jak chcemy wyszuka\u0107 b\u0142\u0119dne autoryzacje\u00a0stosujemy filtr:<\/p>\n CLI<\/p>\n <\/p>\n Taki u\u017cytkownik nie mo\u017ce dodawa\u0107 kont lokalnych i modyfikowa\u0107 ich oraz dodawa\u0107\/modyfkowa\u0107 Admin Rulses\u00a0<\/strong>tak jak wida\u0107 ni\u017cej pola add oraz delete mam wyszarzane:<\/p>\n gdzie Name\u00a0<\/strong>jest naszym userem, kt\u00f3ry jest w Radiusie.<\/p>\n CLI<\/p>\n Po takim zabiegu mamy konto z full uprawnieniami, zalogowany administrator ju\u017c mo\u017ce modyfikowa\u0107 Admin Roles<\/strong><\/p>\n Poprzednie wpisy dotycz\u0105ce ISE:<\/p>\n Po d\u0142u\u017cszej przerwie wr\u00f3ci\u0142em do integracji Cisco ISE 2.0 z Palo Alto Networks wykorzystuj\u0105c Radiusa z ISE jako punkt uwierzytelniania kont administracyjnych. Wiem, \u017ce zapewne wi\u0119kszo\u015b\u0107 autoryzacji kont administracyjnych opiera si\u0119 o LDAP oraz AD. Natomiast ja jak zawsz\u0119 musz\u0119 kombinowa\u0107 i komplikowa\u0107 scenariusze do labowania, ale dzi\u0119ki takiemu podej\u015bciu jestem w stanie bardziej pozna\u0107 […]<\/p>\n","protected":false},"author":1,"featured_media":304,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"LAB - ISE jako radius dla PaloAlto dla kont Admina [in Polish lang. how to integrate Cisco ISE with palo alto netowrks for admin account ]","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[4,84,78],"tags":[250,150,244,246,245,243,248,138,81,80,140,247,86,249],"class_list":["post-840","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cisco","category-lab","category-palo-alto","tag-250","tag-aaa","tag-admin","tag-admin-role","tag-authentication-profile","tag-cisco-ise-2-0","tag-dictionary","tag-ise","tag-palo-alto-networks","tag-paloalto","tag-radius","tag-server-profile","tag-user","tag-vendor-id-25461"],"yoast_head":"\n![\"palo_ise01\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise01.png?resize=661%2C269\")
<\/a><\/p>\n
\nVendor ID<\/strong>: 25461<\/p>\n
\nzgodnie z dokumentacj\u0105 PaloAlto. W tej chwili b\u0119dzie nam potrzebny jeden atrybut
\n![\"palo_ise02\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise02.png?resize=770%2C357\")
<\/p>\n
\nData Type<\/strong>: String
\nDirection<\/strong>: Both
\nID<\/strong>: 1
\nW kroku kolejnym tworzymy profil dla urz\u0105dza\u0144 typu PaloAlto. Przechodzimy do Administration<\/strong> –> Network Resources<\/strong> –> Network Device Profiles<\/strong> klikamy Add<\/p>\n![\"palo_ise03\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise03.png?resize=770%2C411\")
\nDodajemy nasze urz\u0105dzenie do ISE, przechodzimy do Administration<\/strong> –> Network Resources<\/strong> –> Network Devices<\/strong> klikamy Add<\/p>\n![\"palo_ise09\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise09.png?resize=770%2C510\")
<\/a>
\nPodajemy dane:
\nName<\/strong>: nazw\u0119 dla naszego urz\u0105dzenia
\nIP Address<\/strong>: podajemy adres ip, z kt\u00f3rego nasze urz\u0105dzenie b\u0119dzie si\u0119 komunikowa\u0142o z serwerem ISE
\nDevice Profile<\/strong>: wybieramy nasz profil dla urz\u0105dze\u0144 Palo
\nDevice Type<\/strong>: ja stworzy\u0142em oddzielne repo dla urz\u0105dz\u0119\u0144 tego typu
\nLocation<\/strong>: r\u00f3wnie\u017c podzieli\u0142em na lokalizacj\u0119
\nWybieramy: RADIUS Authentication Settings<\/strong>
\nw polu Shared Secret<\/strong> wpisujemy nasze has\u0142o, kt\u00f3re b\u0119dzie wykorzystywane do po\u0142\u0105czenia PALO do ISE<\/p>\n![\"palo_ise04\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise04.png?resize=770%2C484\")
<\/a><\/p>\n![\"palo_ise05\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise05.png?resize=443%2C357\")
<\/a><\/p>\n![\"palo_ise06\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise06.png?resize=770%2C517\")
<\/a>
\nw polu Advanced Attributes Settings<\/strong> wybieramy z menu PaloAlto<\/strong> –> PaloAlto-Admin-Role,<\/strong> w polu obok wpisujemy nazw\u0119 naszego profilu z Palo, kt\u00f3ry p\u00f3\u017aniej zostanie skonfigurowany na Palo.<\/p>\nAccess Type = ACCESS_ACCEPT\r\nPaloAlto-Admin-Role = admin-radius<\/pre>\n
![\"palo_ise07\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise07.png?resize=770%2C96\")
<\/a><\/p>\n
\nRule Name<\/strong>: nasza nazwa regu\u0142y
\nwarunki:
\nIf ANY and ISE-SRV:memberOf maches CN=PA-admin-full,CN=Users,DC=safekom,DC=pl
\nand DEVICE:Device Type Equals Device Type#All Device Types#Palo
\nthen Palo-auth<\/p>\nKonfiguracja Palo<\/h5>\n
![\"palo_ise08\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise08.png?resize=770%2C422\")
<\/a><\/p>\nset shared server-profile radius ISE server ISE01 secret -AQ==gPzxJUAM1wLKKOPC5tJg+lHyn0A=aloUXPMeEZ6yM\/xJpgEVLA==\r\nset shared server-profile radius ISE server ISE01 port 1812\r\nset shared server-profile radius ISE server ISE01 ip-address 192.168.1.55<\/pre>\n
![\"palo_ise10\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise10.png?resize=770%2C434\")
<\/a><\/p>\nset shared admin-role admin-radius role device cli superuser\r\nset shared admin-role admin-radius role device webui dashboard enable\r\nset shared admin-role admin-radius role device webui acc enable\r\nset shared admin-role admin-radius role device webui monitor logs traffic enable\r\nset shared admin-role admin-radius role device webui monitor logs threat enable\r\nset shared admin-role admin-radius role device webui monitor logs url enable\r\nset shared admin-role admin-radius role device webui monitor logs wildfire enable\r\nset shared admin-role admin-radius role device webui monitor logs data-filtering enable\r\nset shared admin-role admin-radius role device webui monitor logs hipmatch enable\r\nset shared admin-role admin-radius role device webui monitor logs configuration enable\r\nset shared admin-role admin-radius role device webui monitor logs system enable\r\nset shared admin-role admin-radius role device webui monitor logs alarm enable\r\nset shared admin-role admin-radius role device webui monitor automated-correlation-engine correlation-objects enable\r\nset shared admin-role admin-radius role device webui monitor automated-correlation-engine correlated-events enable\r\nset shared admin-role admin-radius role device webui monitor packet-capture enable\r\nset shared admin-role admin-radius role device webui monitor app-scope enable\r\nset shared admin-role admin-radius role device webui monitor session-browser enable\r\nset shared admin-role admin-radius role device webui monitor botnet enable\r\nset shared admin-role admin-radius role device webui monitor pdf-reports manage-pdf-summary enable\r\nset shared admin-role admin-radius role device webui monitor pdf-reports pdf-summary-reports enable\r\nset shared admin-role admin-radius role device webui monitor pdf-reports user-activity-report enable\r\nset shared admin-role admin-radius role device webui monitor pdf-reports saas-application-usage-report enable\r\nset shared admin-role admin-radius role device webui monitor pdf-reports report-groups enable\r\nset shared admin-role admin-radius role device webui monitor pdf-reports email-scheduler enable\r\nset shared admin-role admin-radius role device webui monitor custom-reports application-statistics enable\r\nset shared admin-role admin-radius role device webui monitor custom-reports data-filtering-log enable\r\nset shared admin-role admin-radius role device webui monitor custom-reports threat-log enable\r\nset shared admin-role admin-radius role device webui monitor custom-reports threat-summary enable\r\nset shared admin-role admin-radius role device webui monitor custom-reports traffic-log enable\r\nset shared admin-role admin-radius role device webui monitor custom-reports traffic-summary enable\r\nset shared admin-role admin-radius role device webui monitor custom-reports url-log enable\r\nset shared admin-role admin-radius role device webui monitor custom-reports url-summary enable\r\nset shared admin-role admin-radius role device webui monitor custom-reports hipmatch enable\r\nset shared admin-role admin-radius role device webui monitor custom-reports wildfire-log enable\r\nset shared admin-role admin-radius role device webui monitor view-custom-reports enable\r\nset shared admin-role admin-radius role device webui monitor application-reports enable\r\nset shared admin-role admin-radius role device webui monitor threat-reports enable\r\nset shared admin-role admin-radius role device webui monitor url-filtering-reports enable\r\nset shared admin-role admin-radius role device webui monitor traffic-reports enable\r\nset shared admin-role admin-radius role device webui policies security-rulebase enable\r\nset shared admin-role admin-radius role device webui policies nat-rulebase enable\r\nset shared admin-role admin-radius role device webui policies qos-rulebase enable\r\nset shared admin-role admin-radius role device webui policies pbf-rulebase enable\r\nset shared admin-role admin-radius role device webui policies ssl-decryption-rulebase enable\r\nset shared admin-role admin-radius role device webui policies application-override-rulebase enable\r\nset shared admin-role admin-radius role device webui policies captive-portal-rulebase enable\r\nset shared admin-role admin-radius role device webui policies dos-rulebase enable\r\nset shared admin-role admin-radius role device webui objects addresses enable\r\nset shared admin-role admin-radius role device webui objects address-groups enable\r\nset shared admin-role admin-radius role device webui objects regions enable\r\nset shared admin-role admin-radius role device webui objects applications enable\r\nset shared admin-role admin-radius role device webui objects application-groups enable\r\nset shared admin-role admin-radius role device webui objects application-filters enable\r\nset shared admin-role admin-radius role device webui objects services enable\r\nset shared admin-role admin-radius role device webui objects service-groups enable\r\nset shared admin-role admin-radius role device webui objects tags enable\r\nset shared admin-role admin-radius role device webui objects global-protect hip-objects enable\r\nset shared admin-role admin-radius role device webui objects global-protect hip-profiles enable\r\nset shared admin-role admin-radius role device webui objects dynamic-block-lists enable\r\nset shared admin-role admin-radius role device webui objects custom-objects data-patterns enable\r\nset shared admin-role admin-radius role device webui objects custom-objects spyware enable\r\nset shared admin-role admin-radius role device webui objects custom-objects vulnerability enable\r\nset shared admin-role admin-radius role device webui objects custom-objects url-category enable\r\nset shared admin-role admin-radius role device webui objects security-profiles antivirus enable\r\nset shared admin-role admin-radius role device webui objects security-profiles anti-spyware enable\r\nset shared admin-role admin-radius role device webui objects security-profiles vulnerability-protection enable\r\nset shared admin-role admin-radius role device webui objects security-profiles url-filtering enable\r\nset shared admin-role admin-radius role device webui objects security-profiles file-blocking enable\r\nset shared admin-role admin-radius role device webui objects security-profiles wildfire-analysis enable\r\nset shared admin-role admin-radius role device webui objects security-profiles data-filtering enable\r\nset shared admin-role admin-radius role device webui objects security-profiles dos-protection enable\r\nset shared admin-role admin-radius role device webui objects security-profile-groups enable\r\nset shared admin-role admin-radius role device webui objects log-forwarding enable\r\nset shared admin-role admin-radius role device webui objects decryption-profile enable\r\nset shared admin-role admin-radius role device webui objects schedules enable\r\nset shared admin-role admin-radius role device webui network interfaces enable\r\nset shared admin-role admin-radius role device webui network zones enable\r\nset shared admin-role admin-radius role device webui network vlans enable\r\nset shared admin-role admin-radius role device webui network virtual-wires enable\r\nset shared admin-role admin-radius role device webui network virtual-routers enable\r\nset shared admin-role admin-radius role device webui network ipsec-tunnels enable\r\nset shared admin-role admin-radius role device webui network dhcp enable\r\nset shared admin-role admin-radius role device webui network dns-proxy enable\r\nset shared admin-role admin-radius role device webui network global-protect portals enable\r\nset shared admin-role admin-radius role device webui network global-protect gateways enable\r\nset shared admin-role admin-radius role device webui network global-protect mdm enable\r\nset shared admin-role admin-radius role device webui network global-protect device-block-list enable\r\nset shared admin-role admin-radius role device webui network qos enable\r\nset shared admin-role admin-radius role device webui network lldp enable\r\nset shared admin-role admin-radius role device webui network network-profiles gp-app-ipsec-crypto enable\r\nset shared admin-role admin-radius role device webui network network-profiles ike-gateways enable\r\nset shared admin-role admin-radius role device webui network network-profiles ipsec-crypto enable\r\nset shared admin-role admin-radius role device webui network network-profiles ike-crypto enable\r\nset shared admin-role admin-radius role device webui network network-profiles tunnel-monitor enable\r\nset shared admin-role admin-radius role device webui network network-profiles interface-mgmt enable\r\nset shared admin-role admin-radius role device webui network network-profiles zone-protection enable\r\nset shared admin-role admin-radius role device webui network network-profiles qos-profile enable\r\nset shared admin-role admin-radius role device webui network network-profiles lldp-profile enable\r\nset shared admin-role admin-radius role device webui network network-profiles bfd-profile enable\r\nset shared admin-role admin-radius role device webui device setup management enable\r\nset shared admin-role admin-radius role device webui device setup operations enable\r\nset shared admin-role admin-radius role device webui device setup services enable\r\nset shared admin-role admin-radius role device webui device setup content-id enable\r\nset shared admin-role admin-radius role device webui device setup wildfire enable\r\nset shared admin-role admin-radius role device webui device setup session enable\r\nset shared admin-role admin-radius role device webui device setup hsm enable\r\nset shared admin-role admin-radius role device webui device high-availability enable\r\nset shared admin-role admin-radius role device webui device config-audit enable\r\nset shared admin-role admin-radius role device webui device administrators read-only\r\nset shared admin-role admin-radius role device webui device admin-roles read-only\r\nset shared admin-role admin-radius role device webui device authentication-profile enable\r\nset shared admin-role admin-radius role device webui device authentication-sequence enable\r\nset shared admin-role admin-radius role device webui device user-identification enable\r\nset shared admin-role admin-radius role device webui device vm-info-source enable\r\nset shared admin-role admin-radius role device webui device certificate-management certificates enable\r\nset shared admin-role admin-radius role device webui device certificate-management certificate-profile enable\r\nset shared admin-role admin-radius role device webui device certificate-management ocsp-responder enable\r\nset shared admin-role admin-radius role device webui device certificate-management ssl-tls-service-profile enable\r\nset shared admin-role admin-radius role device webui device certificate-management scep enable\r\nset shared admin-role admin-radius role device webui device block-pages enable\r\nset shared admin-role admin-radius role device webui device log-settings system enable\r\nset shared admin-role admin-radius role device webui device log-settings config enable\r\nset shared admin-role admin-radius role device webui device log-settings hipmatch enable\r\nset shared admin-role admin-radius role device webui device log-settings cc-alarm enable\r\nset shared admin-role admin-radius role device webui device log-settings manage-log enable\r\nset shared admin-role admin-radius role device webui device server-profile snmp-trap enable\r\nset shared admin-role admin-radius role device webui device server-profile syslog enable\r\nset shared admin-role admin-radius role device webui device server-profile email enable\r\nset shared admin-role admin-radius role device webui device server-profile netflow enable\r\nset shared admin-role admin-radius role device webui device server-profile radius enable\r\nset shared admin-role admin-radius role device webui device server-profile tacplus enable\r\nset shared admin-role admin-radius role device webui device server-profile ldap enable\r\nset shared admin-role admin-radius role device webui device server-profile kerberos enable\r\nset shared admin-role admin-radius role device webui device local-user-database users enable\r\nset shared admin-role admin-radius role device webui device local-user-database user-groups enable\r\nset shared admin-role admin-radius role device webui device scheduled-log-export enable\r\nset shared admin-role admin-radius role device webui device software enable\r\nset shared admin-role admin-radius role device webui device global-protect-client enable\r\nset shared admin-role admin-radius role device webui device dynamic-updates enable\r\nset shared admin-role admin-radius role device webui device licenses enable\r\nset shared admin-role admin-radius role device webui device support enable\r\nset shared admin-role admin-radius role device webui device master-key enable\r\nset shared admin-role admin-radius role device webui privacy show-full-ip-addresses enable\r\nset shared admin-role admin-radius role device webui privacy show-user-names-in-logs-and-reports enable\r\nset shared admin-role admin-radius role device webui privacy view-pcap-files enable\r\nset shared admin-role admin-radius role device webui validate enable\r\nset shared admin-role admin-radius role device webui commit enable\r\nset shared admin-role admin-radius role device webui global system-alarms enable\r\nset shared admin-role admin-radius role device xmlapi report enable\r\nset shared admin-role admin-radius role device xmlapi log enable\r\nset shared admin-role admin-radius role device xmlapi config enable\r\nset shared admin-role admin-radius role device xmlapi op enable\r\nset shared admin-role admin-radius role device xmlapi commit enable\r\nset shared admin-role admin-radius role device xmlapi user-id enable\r\nset shared admin-role admin-radius role device xmlapi export enable\r\nset shared admin-role admin-radius role device xmlapi import enable<\/pre>\n
![\"palo_ise11\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise11.png?resize=770%2C309\")
<\/a>
\nw Type<\/strong> wybieramy RADIUS
\nServer Profile<\/strong> wybieramy nasz profil ISE
\nW Advanced<\/strong>
\nw Allow List<\/strong> dajemy all<\/strong><\/p>\n![\"palo_ise12\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise12.png?resize=599%2C500\")
<\/a><\/p>\nset shared authentication-profile ISE method radius server-profile ISE\r\nset shared authentication-profile ISE allow-list all\r\nset shared authentication-profile ISE lockout lockout-time 1\r\nset shared authentication-profile ISE lockout failed-attempts 5<\/pre>\n
![\"palo_ise13\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise13.png?resize=496%2C64\")
<\/a><\/p>\n( object eq auth )<\/pre>\n
( eventid eq auth-success )<\/pre>\n
( eventid eq auth-fail )<\/pre>\n
![\"palo_ise18\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise18-1.png?resize=770%2C336\")
<\/a><\/p>\nmichal-adminpa@PA-VM> show log system eventid equal auth-success\r\nTime Severity Subtype Object EventID ID Description\r\n===============================================================================\r\n2016\/05\/10 13:00:16 info general auth auth-su 0 authenticated for user 'michal-adminpa'. auth profile 'auth', vsys 'shared', server profile\r\n 'ISE', server address '192.168.1.55', From: 192.168.1.10.<\/pre>\n
![\"palo_ise17\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise17.png?resize=770%2C376\")
\nAby umo\u017cliwi\u0107 dost\u0119p na pe\u0142nych prawach musimy utworzy\u0107 konto Administratora:<\/p>\n![\"palo_ise15\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise15.png?resize=649%2C242\")
<\/a><\/p>\nset mgt-config users michal permissions role-based superuser yes\r\nset mgt-config users michal authentication-profile ISE<\/pre>\n
![\"palo_ise19\"](\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2016\/05\/palo_ise19.png?resize=770%2C375\")
<\/a><\/p>\n\n