How to secure PA to Panorama communication channel

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to secure PA to Panorama communication channel

L4 Transporter

Hey, 

 

can some one put some light on the authentication & authorization of the PA to Panoram ommunication channel?

 

from what i know is that on panorama side we must have the SN for initial communication.

what happens from the point that the PA first contact panorama ? 

what happens on regular basics on the communication between the PA and the panorama?

i know that the traffic is encrypted but with what certiciate and private keys ?

is there some kind of PKI infrastructure between the panorama and the PA for that communication?

is there any Keys handshake between the Panorama and PA on their first contact?

can i do certificate Pinning on the PA side to prevent man in the middle attack since most of my deployments the PA communicates with panorama throught the internet sine the S2S configuration is controlled from panorama? 

is there any kind of "client authentication" on the SSL channel?

 

an engineer once told me that there is some kind of "default cetificate" that is used for this channel so:

1) is it comes with the installation? 

2) all customers have the same certificate with the same keys?

3) is it generated uppon panorama installation?

 

i will appriciate any information and data regarding this

 

thanks

1 REPLY 1

L4 Transporter
  • 3511 Views
  • 1 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!