Configure Authenticated NTP on Palo Alto firewalls

Configure Authenticated NTP on Palo Alto firewalls

140199
Created On 09/25/18 17:46 PM - Last Modified 06/09/23 03:12 AM


Resolution


Overview

 

Palo Alto Networks firewalls can be configured to authenticate time updates from an NTP server(s).

Authenticated NTP  prevents any tampering with the firewall's clock and in-turn any impact to the logging timestamps, certificate validity checks and other schedule-based policies and services.

In order to enable authenticated NTP, first designate an NTP server and select a type of authentication for the firewall.

 

Steps

 

On the Palo Alto Networks firewall, follow the steps below:

  1. Go to Device > Setup > Services and select the NTP tab.
  2. In the NTP Server Address field, enter the IP address or hostname of a NTP server.
  3. In the Authentication Type field, select one of the following:
    • None (default). This option disables NTP authentication.
    • Symmetric Key. This option uses symmetric key exchange, which are shared secrets. Enter the key ID, algorithm, authentication key, and confirm the authentication key.
    • Autokey. This option uses auto key, or public key cryptography.
  4. Commit.

 Authenticated NTP.JPG

 

 

owner: ansharma
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJFCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language