This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Certificates on Palo alto - Types to be installed

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Certificates on Palo alto - Types to be installed

N-Open
L1 Bithead

‎12-03-2023 01:07 AM

Dear memebers,

 

We are going to use palo alto vm series firewall on Azure and like to take your advice on the type of certificates to be installed. The firewalls will be public facing front end by Azure application gateway.

 

The FW will be protecting a web site running on the background.  If my understanding is correct, I need 2 types of certificates.

 

  • One from Certificates from a trusted third-party CA (Go dady/Verisign) - This is for web site
  • Obtain a Certificate from an External CA - This will be from Palo alto itself for  SSL/TLS decryption 

 

plz advice if my understanding is correct.

0 Likes Likes
1 REPLY 1

reaper
Cyber Elite
Cyber Elite

‎12-04-2023 06:07 AM

you don't need the second ssl certificate as that is only required for outbound proxy inspection (and it needs to be from an internal PKI or selfsigned instead of a public one)

 

for inbound inspection, you need to have the server certificate (and preferably the CA/root and intermediate, to complete the certificate path)

 

you can use the server certificate on the firewall (WITH private key) to look inside the flow

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes
  • 433 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks