cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

How to secure PA to Panorama communication channel

L4 Transporter

Hey, 

 

can some one put some light on the authentication & authorization of the PA to Panoram ommunication channel?

 

from what i know is that on panorama side we must have the SN for initial communication.

what happens from the point that the PA first contact panorama ? 

what happens on regular basics on the communication between the PA and the panorama?

i know that the traffic is encrypted but with what certiciate and private keys ?

is there some kind of PKI infrastructure between the panorama and the PA for that communication?

is there any Keys handshake between the Panorama and PA on their first contact?

can i do certificate Pinning on the PA side to prevent man in the middle attack since most of my deployments the PA communicates with panorama throught the internet sine the S2S configuration is controlled from panorama? 

is there any kind of "client authentication" on the SSL channel?

 

an engineer once told me that there is some kind of "default cetificate" that is used for this channel so:

1) is it comes with the installation? 

2) all customers have the same certificate with the same keys?

3) is it generated uppon panorama installation?

 

i will appriciate any information and data regarding this

 

thanks

Who Me Too'd this topic