Create a Palo Alto Panorama Machine
Table of Contents
Expand all | Collapse all
-
- Activate Next-Generation Trust Security
-
-
- Configure Akamai Connection
- Configure AWS Connection
- Configure Azure Key Vault Connection
-
- Workload Identity Federation Authentication
- Workload Identity Federation - Azure Identity Provider Authentication
- Next-Gen Trust Security Generated Key Authentication
- User Permissions
- Workload Identity Federation Authentication
- Next-Gen Trust Security Generated Key Authentication
- User Permissions
- Supported OIDC Claims
-
-
-
- Working with the Built-in CA
- Add AWS Public CA
- Add AWS Private CA
- Add DigiCert One Certificate Authority
- Add Entrust
- Add GlobalSign Atlas
- Add GlobalSign MSSL
- Add GoDaddy
- Add Google Cloud Private CA
- Add a HID PKIaaS CA
- Add Certificate Manager - Self-Hosted
- Set Up an OpenSSL Certificate Authority Connector
- Create a Sectigo Certificate Manager Certificate Authority
- Add Zero Touch PKI
- Set Up Certificate Expiration Notifications
- Using a Custom DNS Provider
-
-
-
-
- Create an F5 BIG-IP LTM Machine
- Create a Microsoft Azure Private Key Vault Machine
- Create a Microsoft Azure Application Registration Machine
- Create a Microsoft IIS Machine
- Create a Microsoft Windows (PowerShell) Machine
- Create a Microsoft SQL Server Machine
- Create a Common KeyStore Machine
- Create a Citrix ADC Machine
- Create an Imperva WAF Machine
- Create a VMware NSX Advanced Load Balancer (AVI) Machine
- Create an A10 Thunder ADC Machine
- Create a Cloudflare Machine
- Create Kemp Virtual LoadMaster Machine
- Create a Palo Alto Panorama Machine
- Create a Radware Alteon Machine
-
- Provision to an F5 BIG-IP LTM
- Provision to a Microsoft Azure Private Key Vault
- Provision to Microsoft IIS
- Provision to Microsoft Windows (PowerShell)
- Provision to Microsoft SQL Server
- Provision to a Common KeyStore
- Provision to a Citrix ADC
- Provision to an Imperva WAF
- Provision to VMware NSX Advanced Load Balancer (AVI)
- Provision to an A10 Thunder ADC
- Provision to Cloudflare
- Provision to a Kemp Virtual LoadMaster
- Provision to Palo Alto Panorama
- Provision Certificates to Radware Alteon
-
-
- 47-Day Validity Readiness TLS Certificates dashboard
- About the Certificate Inventory
- Managing Certificate Lifecycle Settings
- Reissuing Certificates in Next-Gen Trust Security
- Downloading Certificates, Certificate Chains, and Keystores
- Retiring, Recovering, and Deleting Certificates
- Finding Certificates in the Certificate Inventory
- Importing Certificates from a CA Using EJBCA
- Domain-Based Validation for External Emails
-
- Create a Workload Identity Management or Discovery Agent Built-in Account
- Create an OCI Registry Built-in Account
- Create a Certificate Manager - Self-Hosted Built-in Account
- Create a Scanafi Built-in Account
- Toggling a Built-in Account on or Off
- Editing Built-in Accounts
- Deleting Existing Built-in Accounts
- Renew Existing Built-in Accounts
- Troubleshooting
Create a Palo Alto Panorama Machine
Creating a new machine is the initial step in enabling Next-Gen Trust Security to connect directly to application keystores for certificate management. Once you have created machines, you can move on to provisioning certificates to those machines.
Before You Begin
- IP address or hostname of the Palo Alto Panorama
- Minimum required credentials on Palo Alto Panorama: Choose between user credentials or shared credentials.
- User credentials: The username and password you enter.
- Shared credentials: Optionally, you can use shared credentials from your credential provider (CyberArk is the only credential provider currently supported by Next-Gen Trust Security). To use this option, first set up the connection to CyberArk.
- A Palo Alto Panorama user with the minimum required permissions to access the XML API.The user must be assigned to an Admin Role Profile with:
- Role type: Panorama
- XML API privileges:
- Configuration
- Operational Requests
- Commit
- Import
- Export
- Enter the Server Hostname.
- From the Credential Type drop-down, select either Enter Credentials or Select Credentials. Only users with the enabled "CyberArk shared credential" capability will see this option.Important: Your view of credentials may be limited based on your TSG assignment. Users with the Superuser role in the parent TSG can select any credential across the TSG hierarchy, while users with the Superuser role in a child TSG can only select credentials within their assigned TSG.Note:
- Enter Credentials - Is used to enter your admin credentials manually.
- Select Credentials - Is used to select your shared credentials from CyberArk.
- If you choose Enter Credentials, enter your Palo Alto Panorama admin credentials in the Username and Password fields.
- If you choose Select Credentials, from the Credential drop-down, select your shared credentials.
- Click Test Access, then click Continue. Note that Continue is only enabled if the Test Access is successful.Warning: Remember to store your username and password securely when creating a new machine. For security reasons, you will not be able to modify the fields under the "Access" tab without these credentials. This ensures that only authorized individuals can modify these fields.
What's Next?
Refer back to Create a new machine to finish setting up your new machine by configuring Discovery and Provisioning scheduling.
For existing machines:
- Now that you have one or more machines created, you can provision certificates to those machines.
- You can also discover certificates on machines to enable easy tracking of certificates deployed to your machines.