Authentication Using Custom Certificates

You can now configure mutual authentication of Panorama, firewalls, and Log Collectors using custom certificates. This allows you to establish a unique chain of trust between Panorama and its managed devices instead of relying on predefined certificates used for management and inter-device communication. You can also configure custom certificates for mutual authentication between the Windows User-ID agent and the firewalls; this connection is used for sending user mapping information from the agent to the firewall. User-ID mapping information redistribution between firewalls and Panorama use the existing connections between Panorama and its managed devices. Additionally, you can use custom certificates for authentication between Panorama high availability (HA) peers. You can generate these certificates locally on Panorama or the firewall, obtain them from a trusted third-party certificate authority (CA), or obtain certificates from your own enterprise CA. By using custom certificates, you can establish a unique chain of trust to ensure mutual authentication between Panorama and the devices it manages.
Beginning in 8.0.1, you can also configure custom certificates for mutual authentication between the Terminal Services agent and the firewalls.

Related Documentation