Set Up Authentication Using Custom Certificates Between HA Peers
You can Set Up Authentication Using Custom Certificates for securing the HA connection between Panorama HA peers.
- Generate a certificate authority (CA) certificate on Panorama.
- Configure a certificate profile that includes the root
CA and intermediate CA.
- Select PanoramaCertificate ManagementCertificate Profile.
- Configure a certificate profile.
- Configure an SSL/TLS service profile.
- Select PanoramaCertificate ManagementSSL/TLS Service Profile.
- Configure an SSL/TLS profile to define the certificate and protocol that Panorama and its manage devices use for SSL/TLS services.
- Configure Secure Server Communication on Panorama.
- Select PanoramaSetupManagement and Edit the Panorama Settings.
- Verify that the Custom Certificate Only check
box is not selected. This allows you to continue managing all devices
while migrating to custom certificates.When the Custom Certificate Only check box is selected, Panorama does not authenticate and cannot manage devices using predefined certificates.
- Select the SSL/TLS service profile from the SSL/TLS Service Profile drop-down. This SSL/TLS service profile applies to all SSL connections between Panorama, firewalls, Log Collectors, and Panorama’s HA peers.
- Select the certificate profile from the Certificate Profile drop-down.
- (Optional) Configure an authorization list.
- Click Add under Authorization List.
- Select the Subject or Subject Alt Name as the Identifier type.
- Enter the Common Name
- In Disconnect Wait Time (min),
enter the number of minutes Panorama should before breaking and
reestablishing the connection with its managed devices. This field
is blank by default and the range is 0 to 44,640 minutes.The disconnect wait time does not begin counting down until you commit the new configuration.
- Click OK.
- Commit your changes.
- Upgrade the client-side Panorama to 8.1.
- Configure Secure Client Communication.
- Select PanoramaHigh Availability and Edit the HA settings.
- Select Certificate and Certificate Profile.
- Click OK.
- Commit your changes.
Configure Authentication Using Custom Certificates on Panor...
Configure Authentication Using Custom Certificates on Panorama Complete the following procedure to configure the server side (Panorama) to use custom certificates instead of predefined certificates ...
Configure Custom Certificates for WildFire Appliance as a C...
Use custom certificates to establish mutual authentication for the connection Panorama™ uses to push configurations to your managed WildFire® appliance or cluster ...
Configure Authentication with Custom Certificates Between L...
Configure custom certificates between Log Collectors to create a unique chain of trust that ensures mutual authentication between Log Collectors ...
Configure Custom Certificates for the WildFire Appliance wi...
Configure secure server communication for the WildFire® appliance and secure client communication for firewalls and Panorama™ through the Panorama user interface. ...
Configure Authentication with Custom Certificates on the PAN-DB Private Cloud
Use custom certificates to establish a unique chain of trust that ensures mutual authentication between your PAN-DB server and your firewalls. ...
Configure Authentication with a Single Custom Certificate o...
Assign and push a single, shared certificate to an entire WildFire® cluster. ...
Communication Settings Panorama > Managed Collectors > Communication To configure custom certificate-based authentication between Log Collectors and Panorama, firewalls, and other Log Collectors, configure the ...
Configure Authentication with Custom Certificates on the WildFire Appliance
Use custom certificates to establish a unique chain of trust that ensures mutual authentication between your WildFire appliance and your firewalls. ...
Certificate Management The following topics describe the different keys and certificates that Palo Alto Networks® firewalls and Panorama use, and how to obtain and manage ...