Server Certificate Validation

These are the steps Strata Logging Service takes to ensure that a log receiver has a valid certificate.
Where Can I Use This?
What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (PAN-OS or Panorama Managed)
  • NGFW (Managed by Strata Cloud Manager)
  • Strata Logging Service
Strata Logging Service secures your log data by ensuring that the server you specify to receive your logs is trusted and legitimate.
When you configure syslog or HTTPS forwarding, Strata Logging Service ensures that your log data arrives safely at its intended destination by verifying the certificate on the receiving server. For maximum security, Strata Logging Service performs multiple validity checks:
Strata Logging Service checks... to verify that...
Third-Party CA-Signed Certificates
The server has the full certificate chain. If the root CA is in the list of trusted CAs, you do not need to upload any CAs from the certificate chain. If the root CA is not in the list of trusted CAs, you need to upload the root CA to Strata Logging Service.
OR
The server has the server certificate and one or more intermediate CAs. If the root CA is in the list of trusted CAs, you do not need to upload any CAs from the certificate chain. If the root CA is not in the list of trusted CAs, you need to upload the root CA to Strata Logging Service.
OR
The server has only the server certificate. If the root CA is in the list of trusted CAs, then you need to upload only the intermediate CAs (one or multiple) to Strata Logging Service. If the root CA is not in the list of trusted CAs, you need to upload the root CA and one or more intermediate CAs to Strata Logging Service.
Private CA-Signed Certificates
The server has the full certificate chain, and only the root CA is uploaded to Strata Logging Service.
OR
The server has the server certificate and one or more intermediate CAs, and the root CA is uploaded to Strata Logging Service.
OR
The server has the server certificate only; the root CA and one or more intermediate CAs are uploaded to Strata Logging Service.
Self-Signed Certificates
The certificate is installed on the server and uploaded to Strata Logging Service.
Expiration
None of the certificates in the chain have expired.
Host Name Match
The value entered for the Syslog Server name matches the Subject Alternative Name (SAN) of the server certificate.
Revocation Status
None of the certificates in the chain has been revoked by its issuing CA.
