Communication between Panorama and a Firewall from outside

MarlonMarasigan
L1 Bithead

Hi PA Experts,

 

We have a Panorama (10.02) that we will use to manage multiple firewalls from different companies, so it's a multi-tenant deployment. 

I have 2 questions for now:

 

1. One company is concerned about the security of connecting their FW to Panorama, though we explained to them that it's encrypted. So they want to generate a certificate from their end and use certificate-based authentication between our Panorama and their FW. Is it just a matter of them generating a certificate and us importing it to our Panorama (and to their FW)?

 

2. How will that certificate in our Panorama affect other tenants (firewalls) in our Panorama? Will they still be connected? 

 

Thanks in advance.

 

Mar

 

SureshReddyM
L2 Linker

Hi,

Here is a quick checklist of the things that you’ll need to set so that Panorama is in good working condition:

1. Go to Panorama | Setup | Management

- Set Hostname, Domain (example.com), and Login Banner.

- Set SSL/TLS Service Profile with minimum version set to TLS1.2.

- Ensure that the serial number you received after registration has been set properly.

2. Review Secure Communication Settings. By enabling Customize Secure Server Communication, you can manually set SSL/TLS Service Profile and Certificate Profile, and then create a list of identifiers that can be used for communication between the firewalls and Panorama. This requires the firewalls and Panorama to be provisioned with an SSL/TLS service profile that uses certificates signed by the same root Certificate Authority (CA) so that they can establish trust.

Refer to the device web UI settings.

 

Regards,

Suresh
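
As an added illustration of the same-root-CA requirement in the reply above (not part of the thread and not a PAN-OS procedure), this generic openssl check confirms that two certificates verify against one root before they are imported. The CA and certificate names are constructed for the example and the keys are generated on the fly.

```shell
#!/bin/sh
# Added example: constructed CAs and certificates, not real tenant material.
set -u
WORK=$(mktemp -d)

# make_ca NAME: create a self-signed root CA (constructed, valid for 1 day).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert CA NAME: create a key and CSR for NAME, then sign it with CA.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -days 1 -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -out "$WORK/$2.pem" 2>/dev/null
}

# chains_to CA NAME: succeed only if NAME's certificate verifies against CA.
# The ": OK" line is checked so the result does not depend on the exit code.
chains_to() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" 2>/dev/null \
    | grep -q ': OK$'
}

# same_root CA A B: both ends of the connection must verify against one root.
same_root() { chains_to "$1" "$2" && chains_to "$1" "$3"; }

# Two unrelated roots: the tenant's own CA and some other CA.
make_ca tenant-root
make_ca other-root
issue_cert tenant-root panorama-side
issue_cert tenant-root firewall-side
issue_cert other-root other-tenant-fw

same_root tenant-root panorama-side firewall-side \
  && echo "panorama-side and firewall-side share tenant-root"
same_root tenant-root panorama-side other-tenant-fw \
  || echo "other-tenant-fw does not verify against tenant-root"
```

Against real files, the same `openssl verify -CAfile <root> <cert>` call can be run on the tenant-supplied root and each certificate before anything is imported.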

MarlonMarasigan
L1 Bithead

Thanks Suresh, that's really helpful.

 

Just to clarify the situation some more: it was decided the client will generate the certificate from their end, so my question is how do we use that certificate once they have generated it? I see settings in Panorama but they're in multiple locations, like Certificate Management and Setup > Communication Settings. Then there are different kinds of certificates; could you enlighten me some more? Thanks.

Emmerich
L0 Member

Depends on your config, but it's likely logs. There is log compression that occurs to keep traffic down. Do you have broadband connections as well?
MarlonMarasigan
L1 Bithead

Thanks Emmerich, but I don't understand how your questions relate to certificate-based communication between Panorama and firewall.
