How to use XTAM to provide Privileged Account and Session Management for your Palo Alto device including Password Rotation
This FAQ article covers how to create an XTAM record to manage your SSH-enabled Palo Alto network device, including secure, password-less remote connections with session recording and automated password reset and rotation.
Creating an XTAM record to Manage your Palo Alto device
Log in to XTAM as a System Administrator.
Navigate to Administration > Records Types.
Locate the Palo Alto Networks record type in the list and click the Edit button to its right.
On the Palo Alto Networks type edit page, locate the Hidden parameter and clear its checkbox so the option is no longer checked. Click the Save button.
Navigate to Records > All Records.
From the Add Record dropdown menu, select Palo Alto Networks.
Enter a Name (required) and a Description (optional).
Populate your Palo Alto Networks device values into the Host, Port, User and Password fields.
Click Save and Return to continue.
Your Palo Alto Networks device is now under management in XTAM. You may use the Connect button to test connectivity. If you wish to implement a Password Reset policy, continue to the next section of this article.
Creating a policy to reset or rotate the Password for your Palo Alto Networks device
Open your Palo Alto Networks record in XTAM as a System Administrator or with an account that has the Manage permission for Task Control.
Within this record, open the Manage menu and select the Tasks option.
By default, both the Check Status and Password Reset scripts will be applied.
Next to the Password Reset script, click the Actions menu and select Edit Policy.
Choose your required Policy by selecting from the list of available events.
Click the Save button when finished.
Your password reset policy is now applied to the XTAM record managing your Palo Alto Networks device.