Palo Alto Networks firewalls can be configured to authenticate time updates from an NTP server(s).
Authenticated NTP prevents any tampering with the firewall's clock and in-turn any impact to the logging timestamps, certificate validity checks and other schedule-based policies and services.
In order to enable authenticated NTP, first designate an NTP server and select a type of authentication for the firewall.
Steps
On the Palo Alto Networks firewall, follow the steps below:
Go to Device > Setup > Services and select the NTP tab.
In the NTP Server Address field, enter the IP address or hostname of a NTP server.
In the Authentication Type field, select one of the following:
None (default). This option disables NTP authentication.
Symmetric Key. This option uses symmetric key exchange, which are shared secrets. Enter the key ID, algorithm, authentication key, and confirm the authentication key.
Autokey. This option uses auto key, or public key cryptography.