- Panorama > Managed Collectors > Communication
To configure custom certificate-based authentication between Log Collectors and Panorama, firewalls, and other Log Collectors, configure the settings as described in the following table.
Secure Server Communication—Enabling Secure Server Communication validates the identity of client devices connecting to the Log Collector.
SSL/TLS Service Profile
Select an SSL/TLS service profile from the drop-down. This profile defines the certificate presented by the Log Collector and specifies the range of SSL/TLS versions acceptable for communication with the Log Collector.
Select a certificate profile from the drop-down. This certificate profile defines the certificate revocation checking behavior and the root CA used to authenticate the certificate chain presented by the client.
Custom Certificate Only
When enabled, the Log Collector only accepts custom certificates for authentication with managed firewalls and Log Collectors.
Authorize Clients Based on Serial Number
The Log Collector authorizes client devices based on a hash of their serial number.
Check Authorization List
Client devices or device groups connecting to this Log Collector are checked against the authorization list.
Disconnect Wait Time (min)
The amount of time the Log Collector waits before breaking the current connection with its managed devices. The Log Collector then reestablishes connections with its managed devices using the configured secure server communications settings. The wait time begins after the secure server communications configuration is committed.
Authorization List—Select Add and complete the following fields to set criteria.
Secure Client Communication—Enabling Secure Client Communication ensures that the specified client certificate is used for authenticating the Log Collector over SSL connections with Panorama, firewalls, or other Log Collectors.
Select the type of device certificate (None, Local, or SCEP) used for securing communication.
If None is selected, no device certificate is configured and secure client communication is not used. This is the default selection.
The Log Collector uses a local device certificate and the corresponding private key generated on the Log Collector or imported from an existing enterprise PKI server.
Certificate—Select the local device certificate. This certificate can be unique to the firewall (based on a hash of the Log Collector’s serial number) or a common device certificate used by all Log Collectors connecting to Panorama.
Certificate Profile—Select the Certificate Profile from the drop-down. This certificate profile is used for defining the server authentication with the Log Collector.
The Log Collector uses a device certificate and private key generated by a Simple Certificate Enrollment Protocol (SCEP) server.
SCEP Profile—Select a SCEP Profile from the drop-down.
Certificate Profile—Select the Certificate Profile from the drop-down. This certificate profile is used for defining the server authentication with the Log Collector.
Check Server Identity
The client device confirms the server’s identity by matching the common name (CN) in the server’s certificate with the server’s IP address or FQDN.
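The Check Server Identity comparison described above, sketched as an added example (not Palo Alto Networks code, and not a description of how PAN-OS implements the check). The function names, the certificate dictionary shape (that of Python's `ssl.SSLSocket.getpeercert()`), the exact-match rule and the sample names and addresses are assumptions made for illustration.

```python
import ipaddress


def _canonical(name):
    """Normalise a CN or configured server value for comparison.

    IP literals are parsed so that different spellings of the same address
    compare equal; anything else is treated as an FQDN (case-insensitive,
    trailing dot ignored).
    """
    text = name.strip()
    try:
        return ("ip", ipaddress.ip_address(text))
    except ValueError:
        return ("dns", text.rstrip(".").lower())


def subject_common_name(cert):
    """Return the subject CN from a getpeercert()-style dict, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def server_identity_matches(cert, configured_server):
    """True only if the certificate CN equals the configured IP or FQDN.

    Assumption: exact match, no wildcard handling. A certificate without
    a CN, or an empty configured value, never matches.
    """
    cn = subject_common_name(cert)
    if not cn or not configured_server.strip():
        return False
    return _canonical(cn) == _canonical(configured_server)


# Constructed sample certificates (documentation-range names and addresses).
CERT_FQDN = {"subject": ((("organizationName", "Example"),),
                         (("commonName", "LC1.example.com"),))}
CERT_IPV6 = {"subject": ((("commonName", "2001:DB8::1"),),)}
CERT_NO_CN = {"subject": ((("organizationName", "Example"),),)}

if __name__ == "__main__":
    print(server_identity_matches(CERT_FQDN, "lc1.example.com."))
    print(server_identity_matches(CERT_IPV6, "2001:db8:0:0:0:0:0:1"))
    print(server_identity_matches(CERT_FQDN, "192.0.2.10"))
```

The mismatch case is the one to watch when enabling this setting: a certificate issued with an FQDN in the CN fails the check if the client is configured to reach the server by IP address, and the reverse.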