- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-14-2018 03:48 AM
Hello,
I wanted to use the SSL/TLS profile facility to restrcit management GUI sessions to TLSv1.2 but am having trouble with the certificates/process to follow. We have an Active/Passive HA Pair, i have been trying to setup on the passive to test but it is not working, from having a look around i susepct this may need to be setup on the Active with just the profile selection defined on the passive.
Can anyone guide please on the correct process and what certificates / profles need to be created where, e.g. do i create the Self Signed Root CA on the Active firewall, generate the certiciates (signed by created root) to be used for both primary and active SSL/TLS profiles on the Active Firewall and then create both SSL/TLS profiles on the Active Firewall. Then on Actve and Passive Firewalls just select the correct SSL/TLS profile?
Appreciate any guidance.
Thanks
Ryan
12-19-2018 06:25 AM - edited 12-19-2018 06:27 AM
Here's the specifics on what does not get synced in HA:
it specifically mentions:
The configuration for the associated SSL/TLS Service profile (Device > Certificate
Management > SSL/TLS Service Profile and the associated certificates (Device >
Certificate Management > Certificates) is synchronized. It is just the setting of
which SSL/TLS Service Profile to use on the Management interface that does not sync.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!