- Panorama > Managed Collectors > Communication
To configure custom certificate-based authentication between Log Collectors and Panorama, firewalls, and other Log Collectors, configure the settings as described in the following table.
Secure Server Communication—Enabling Secure Server Communication validates the identity of client devices connecting to the Log Collector.
SSL/TLS Service Profile
Select an SSL/TLS service profile from the drop-down. This profile defines the certificate presented by the Log Collector and specifies the range of SSL/TLS versions acceptable for communication with the Log Collector.
Certificate Profile
Select a certificate profile from the drop-down. This certificate profile defines the certificate revocation checking behavior and the root CA used to authenticate the certificate chain presented by the client.
Custom Certificate Only
When enabled, the Log Collector only accepts custom certificates for authentication with managed firewalls and Log Collectors.
Authorize Clients Based on Serial Number
The Log Collector authorizes client devices based on a hash of their serial number.
Check Authorization List
Client devices or device groups connecting to this Log Collector are checked against the authorization list.
Disconnect Wait Time (min)
The amount of time the Log Collector waits before breaking the current connection with its managed devices. The Log Collector then reestablishes connections with its managed devices using the configured secure server communications settings. The wait time begins after the secure server communications configuration is committed.
Authorization List—Select Add and complete the following fields to set criteria.
Secure Client Communication—Enabling Secure Client Communication ensures that the specified client certificate is used for authenticating the Log Collector over SSL connections with Panorama, firewalls, or other Log Collectors.
Select the type of device certificate (None, Local, or SCEP) used for securing communication.
If None is selected, no device certificate is configured and the secure client communication is not used. This is the default selection.
The Log Collector uses a local device certificate and the corresponding private key generated on the Log Collector or imported from an existing enterprise PKI server.
Certificate—Select the local device certificate. This certificate can be unique to the firewall (based on a hash of the Log Collector’s serial number) or a common device certificate used by all Log Collectors connecting to Panorama.
Certificate Profile—Select the Certificate Profile from the drop-down. This certificate profile is used for defining the server authentication with the Log Collector.
The Log Collector uses a device certificate and private key generated by a Simple Certificate Enrollment Protocol (SCEP) server.
SCEP Profile—Select a SCEP Profile from the drop-down.
Certificate Profile—Select the Certificate Profile from the drop-down. This certificate profile is used for defining the server authentication with the Log Collector.
Check Server Identity
The client device confirms the server’s identity by matching the common name (CN) with the server’s IP address or FQDN.
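A pre-deployment check for Check Server Identity, added here as an example (not Palo Alto Networks code): it tests whether a server certificate's CN matches each address that clients are configured to connect to, so a mismatch is found before the setting is committed. The certificate is a constructed sample in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the hostnames are hypothetical, and exact matching (case-insensitive FQDN, canonicalized IP, no wildcards or SAN entries) is an assumption of this sketch.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": (
        (("organizationName", "Example Corp"),),
        (("commonName", "Panorama1.Example.com"),),
    ),
}


def common_names(cert):
    """Return every commonName value found in the certificate subject."""
    return [value
            for rdn in cert.get("subject", ())
            for key, value in rdn
            if key == "commonName"]


def _normalize(name):
    """Canonical form: an address object for IPs, a lowercase FQDN otherwise."""
    name = name.strip()
    try:
        # Parsing makes equivalent spellings of one address compare equal.
        return ipaddress.ip_address(name)
    except ValueError:
        # Not an IP: compare as an FQDN, ignoring case and a trailing dot.
        return name.rstrip(".").lower()


def server_identity_matches(cert, configured_server):
    """True if a subject CN equals the address the client is configured with."""
    target = _normalize(configured_server)
    return any(_normalize(cn) == target for cn in common_names(cert))


def audit(cert, configured_servers):
    """Map each configured server address to whether the CN check would pass."""
    return {addr: server_identity_matches(cert, addr)
            for addr in configured_servers}


if __name__ == "__main__":
    for addr, ok in audit(SAMPLE_CERT,
                          ["panorama1.example.com", "10.0.0.5"]).items():
        print(f"{addr}: {'match' if ok else 'MISMATCH'}")
```

A client configured with the server's IP address fails this check when the certificate CN holds only the FQDN, and the reverse is also true.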