01-26-2024 08:34 AM
All
I plan to secure web interface for management of PANFW. we use data plane IP to manage all FWs. Is there way to deploy certs to each PAN via Panorama or it has to be done one by one. If any one did this before Please help and share
Thank you
Daniel
02-04-2024 04:13 PM
Hello @Daniel_Li - do you have an enterprise CA that you can leverage? If so, and if you're fine with all of the firewalls having the same certificate on them, you could use a SAN certificate, or a wildcard certificate. The instructions here may help you.
If you need each device to have its own certificate, you may have some luck in automating the process via the CLI, but I'm not aware of any existing supported scripts to do this.
02-08-2024 08:20 AM
Thank you Iain for your kind reply. We have Microsoft CA. Will try the link. Other question you could help answer. we are using loopback interface for webui access and managed by Panorama (not using management plane interface). How to implement SSL profile to loopback interface to secure it
Thank you
02-08-2024 04:44 PM
Hello @Daniel_Li - please refer to this knowledgebase article; once SSL is set up, it is valid for all WebUI sessions.
02-08-2024 05:33 PM
Thank you Iain. SSL profile works not only for management interface but other webui sessions. I will test.
Daniel
02-13-2024 12:26 PM
Iain
I was told by Tech that SSL profile can not be applied to loopback interface in the data plane. Only to management interface in the management
plane. I have not tested but it seems to be correct technically
Daniel
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
