- Panorama > Managed Collectors > Communication
To configure custom certificate-based authentication between Log Collectors and Panorama, firewalls, and other Log Collectors, configure the settings as described in the following table.
Secure Server Communication—Enabling Secure Server Communication validates the identity of client devices connecting to the Log Collector.
SSL/TLS Service Profile
Select a SSL/TLS service profile from the drop-down. This profile defines the certificate presented by the Log Collector and specifies the range of SSL/TLS versions acceptable for communication with the Log Collector.
Select a certificate profile from the drop-down. This certificate profile defines certificate revocation checking behavior and root CA used to authenticate the certificate chain presented by the client.
Custom Certificate Only
When enabled, the Log Collector only accepts custom certificates for authentication with managed firewalls and Log Collectors.
Authorize Clients Based on Serial Number
The Log Collector authorizes client devices based on uses a hash of their serial number.
Check Authorization List
Client devices or device groups connecting to this Log Collector are checked against the authorization list.
Disconnect Wait Time (min)
The amount of time the Log Collector waits before breaking the current connection with its managed devices. The Log Collector then reestablishes connections with its managed devices using the configured secure server communications settings. The wait time begins after the secure server communications configuration is committed.
Authorization List—Select Add and complete the following fields to set criteria.
Secure Client Communication—Enabling Secure Client Communication ensures that the specified client certificate is used for authenticating the Log Collector over SSL connections with Panorama, firewalls, or other Log Collectors.
Select the type of device certificate (None, Local, or SCEP) used for securing communication
If None is selected, no device certificate is configured and the secure client communication is not used. This is the default selection.
The Log Collector uses a local device certificate and the corresponding private key generated on the Log Collector or imported from an existing enterprise PKI server.
Certificate—Select the local device certificate. This certificate can be a unique to the firewall (based on a hash of the Log Collector’s serial number) or a common device certificate used by all Log Collectors connecting to Panorama.
Certificate Profile—Select the Certificate Profile from the drop-down. This certificate profile is used for defining the server authentication with the Log Collector.
The Log Collector uses a device certificate and private key generated Simple Certificate Enrollment Protocol (SCEP) server.
SCEP Profile—Select a SCEP Profile from the drop-down.
Certificate Profile— Select the Certificate Profile from the drop-down. This certificate profile is used for defining the server authentication with the Log Collector.
Check Server Identity
The client device confirms the server’s identity by matching the common name (CN) with server’s IP address or FQDN.
Configure Authentication with Custom Certificates Between L...
Configure custom certificates between Log Collectors to create a unique chain of trust that ensures mutual authentication between Log Collectors ...
Configure Authentication Using Custom Certificates on Manag...
Configure Authentication Using Custom Certificates on Managed Devices Complete the following procedure to configure the client side (firewall or Log Collector) to use custom certificates ...
Configure a Managed Collector
Configure a Managed Collector To enable the Panorama management server to manage a Log Collector, you must add it as a managed collector. You can ...
Configure Custom Certificates for WildFire Appliance as a C...
Use custom certificates to establish mutual authentication for the connection Panorama™ uses to push configurations to your managed WildFire® appliance or cluster ...
Configure Authentication Using Custom Certificates on Panor...
Configure Authentication Using Custom Certificates on Panorama Complete the following procedure to configure the server side (Panorama) to use custom certificates instead of predefined certificates ...
Change a Client Certificate
Change a Client Certificate Complete the following task to replace a client certificate. Obtain or generate the device certificate. You can deploy certificates on Panorama ...
Configure Custom Certificates for the WildFire Appliance wi...
Configure secure server communication for the WildFire® appliance and secure client communication for firewalls and Panorama™ through the Panorama user interface. ...
Set Up Authentication Using Custom Certificates Between HA Peers
Set Up Authentication Using Custom Certificates Between HA Peers You can Set Up Authentication Using Custom Certificates for securing the HA connection between Panorama HA ...
Set Up The Panorama Virtual Appliance as a Log Collector
How to set up a Panorama virtual appliance in AWS or Microsoft Azure as a Dedicated Log Collector. ...