Communication between Panorama and a Firewall from outside


L1 Bithead

Hi PA Experts,

 

We have a Panorama (10.02) that we will use to manage multiple firewalls from different companies, so it's a multi-tenant deployment. 

I have 2 questions for now:

 

1. One company is concerned about the security of connecting their FW to Panorama, though we explained to them that it's encrypted. So they want to generate a certificate from their end and use certificate-based authentication between our Panorama and their FW. Is it just a matter of them generating a certificate and us importing it to our Panorama (and to their FW)?

 

2. How will that certificate in our Panorama affect other tenants (firewalls) in our Panorama? Will they still be connected? 

 

Thanks in advance.

 

Mar

 

5 REPLIES

L3 Networker

Hi,

Here is a quick checklist of the things that you’ll need to set so that Panorama is in good working condition:

1. Go to Panorama | Setup | Management

- Set Hostname, Domain (example.com), and Login Banner.
- Set SSL/TLS Service Profile with minimum version set to TLS1.2.
- Ensure that the serial number you received after registration has been set properly.

2. Review Secure Communication Settings. By enabling Customize Secure Server Communication, you can manually set the SSL/TLS Service Profile and Certificate Profile, and then create a list of identifiers that can be used for communication between the firewalls and Panorama. This requires the firewalls and Panorama to be provisioned with an SSL/TLS service profile that uses certificates signed by the same root Certificate Authority (CA) so that they can establish trust.

Refer to the device web UI settings.

 

Regards,

Suresh
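
The "same root CA" requirement from the reply above, shown with plain openssl as an added example (not from the thread or from Palo Alto Networks; it models generic X.509 chain validation, not PAN-OS internals). The CA names `provider` and `tenant-b`, the device names and all paths are hypothetical, constructed for the demo.

```shell
#!/bin/sh
# Constructed lab PKI: CA names, subjects and paths are made up for this example.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_ca NAME: self-signed root CA (key and certificate) for NAME.
make_ca() {
    openssl req -x509 -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$1 Root CA" \
        -keyout "$WORK/$1-ca.key" -out "$WORK/$1-ca.pem" 2>/dev/null
}

# issue_cert CA NAME: device certificate NAME signed by root CA.
issue_cert() {
    openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$2.csr" -days 30 -CAcreateserial \
        -CA "$WORK/$1-ca.pem" -CAkey "$WORK/$1-ca.key" \
        -out "$WORK/$2.pem" 2>/dev/null
}

# trusts CA NAME: succeeds only if NAME's certificate chains to root CA,
# which is the check a peer holding only that root in its trust store performs.
trusts() {
    openssl verify -CAfile "$WORK/$1-ca.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

make_ca provider; make_ca tenant-b
issue_cert provider panorama        # Panorama's own certificate
issue_cert provider fw-tenant-a     # tenant A firewall, same root as Panorama
issue_cert tenant-b fw-tenant-b     # tenant B firewall, tenant's own root
for fw in fw-tenant-a fw-tenant-b; do
    if trusts provider "$fw"; then echo "$fw: trusted by provider root"
    else echo "$fw: rejected by provider root"; fi
done
```

A peer that trusts only the provider root accepts `fw-tenant-a` and rejects `fw-tenant-b`, and a firewall that trusts only the tenant's root likewise rejects the `panorama` certificate.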


Thanks Suresh, that's really helpful.

 

Just to clarify the situation more: it was decided the client will generate the certificate from their end, so my question is how do we use that certificate once they have generated it? I see settings in Panorama, but they are in multiple locations, like Certificate Management and Setup > Communication Settings. Then there are different kinds of certificates. Could you enlighten me some more? Thanks.

L0 Member
Depends on your config, but it's likely logs. There is log compression that occurs to keep traffic down. Do you have broadband connections as well?

Thanks Emmerich, but I don't understand how your questions relate to certificate-based communication between Panorama and the firewall.

L0 Member

For communication between Panorama and firewalls: this connection is initiated from the managed firewall to Panorama and facilitates a bi-directional data exchange in which the firewalls forward logs to Panorama and Panorama pushes configuration changes to the firewalls.
