Network Appliance Sessions
Overview
Network appliances play a critical role in enterprise infrastructure and typically require privileged, interactive access for configuration, maintenance, and troubleshooting. These devices often rely on shared administrative credentials and elevated command modes, which can introduce security and compliance risks when access is unmanaged.
The PAM platform provides secure, centralized remote session connectivity to network appliances using the SSH protocol. Credentials are retrieved from the Credential Vault at session launch time, eliminating the need to expose passwords to end users or store them locally. All access is governed by policy, fully audited, and aligned with privileged access management best practices.
Network Appliance Sessions support a wide range of devices, including but not limited to Cisco, Brocade, Juniper, Palo Alto, Fortinet, NetApp, NetScaler, and F5.
Note
This page covers secure, audited SSH-based remote access to network appliances. For credential management and rotation of network appliance accounts, refer to Network Appliance Account Management.
Supported Connectivity Model
Network appliance sessions are established using SSH and provide interactive command-line access to the target device. The platform supports both standard user-level access and privileged (enable) modes commonly used by network operating systems.
Key characteristics include:
- SSH-based remote session connectivity
- Centralized credential retrieval from the vault
- Policy-controlled access to network devices
- Full session auditing and event logging
- Compatibility with major network appliance vendors
Creating a Network Appliance Asset for Remote Connectivity
To enable remote SSH-based sessions to network appliances, you must create a Network Appliance asset in the Credential Vault. This asset defines the connection parameters, authentication credentials, and optional enable-mode configuration for the target device.
Asset Configuration
1. Create a new asset using the Network Appliance asset type in a container of your choice.
   Note: The Network Appliance asset type is hidden by default and must be unhidden (Management > Asset Types) before it can be selected.
2. Populate the asset fields as follows:
   - Name: Enter a descriptive name for the network appliance.
   - Description: Optionally enter a description to provide additional context for this asset or appliance.
   - Host: Enter the hostname or IP address of the network appliance.
   - Port: Enter the port used to establish the SSH connection.
     Note: This field is hidden by default and has a static value of 22. Unhide the field only if a non-default SSH port is required.
   - User: Enter the user account used to authenticate to the network appliance.
   - Password: Enter the password for the specified user account.
   - Enable Level: If required, specify the enable (privilege) level for this network appliance. See Enable Mode Support for details.
   - Enable Password: If required, specify the enable password used to transition to the configured enable level. See Enable Mode Support for details.
3. Click Save to create the Network Appliance asset.
4. Use the Access button to validate connectivity and confirm that a session can be established successfully.
Enable Mode Support
For Cisco and Cisco-like network devices, the platform supports elevation to privileged (enable) mode during an SSH session.
The following enable mechanisms are supported:
- Enable Level: Numeric privilege levels ranging from 0 to 9
- Enable Password: Password-based elevation when required by the device configuration
If both an enable level and enable password are configured, the PAM platform automatically supplies the appropriate values to the network appliance during the session to transition into enable mode. This process is transparent to the user and does not require manual credential entry.