Audit Log Certificate
You can use Transport Layer Security (TLS) certificates to secure communications between the Firewall Management Center and a trusted audit log server.
Client Certificates (Required)
Generate a certificate signing request (CSR), submit it to a Certificate Authority (CA) for signing, then import the signed certificate onto the Firewall Management Center. Use the local system configuration: "Obtain a Signed Audit Log Client Certificate for the Firewall Management Center" and "Import an Audit Log Client Certificate into the Firewall Management Center".
Server Certificates (Optional)
For additional security, we recommend you require mutual authentication between the Firewall Management Center and the audit log server. To accomplish this, load one or more certificate revocation lists (CRLs). You cannot stream audit logs to servers with revoked certificates listed in those CRLs.
Secure Firewall supports CRLs encoded in Distinguished Encoding Rules (DER) format. Note that these are the same CRLs that the system uses to validate HTTPS client certificates for the Firewall Management Center web interface.
Use the local system configuration: "Require Valid Audit Log Server Certificates".
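Because only DER-encoded CRLs are supported and many CAs publish CRLs as PEM, it helps to normalize and sanity-check a CRL file before loading it. The following is an added example, not part of the original documentation or of Cisco's tooling; the function names are hypothetical and the sample bytes are constructed. It checks only the outer DER framing of a CertificateList (RFC 5280) and does not verify the CRL signature.

```python
import base64
import re

PEM_CRL = re.compile(
    rb"-----BEGIN X509 CRL-----(.+?)-----END X509 CRL-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, pos, pos + length

def crl_to_der(data):
    """Accept a PEM or DER CRL; return DER bytes after a framing check."""
    m = PEM_CRL.search(data)
    der = base64.b64decode(b"".join(m.group(1).split())) if m else data
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    # CertificateList (RFC 5280): tbsCertList, signatureAlgorithm, signatureValue
    tags = []
    while start < end:
        t, _, start = read_tlv(der, start)
        tags.append(t)
    if tags != [0x30, 0x30, 0x03]:
        raise ValueError("outer structure is not a CertificateList")
    return der

def constructed_sample():
    # Constructed placeholder with CRL-shaped framing; not a real signed CRL.
    body = b"\x30\x03\x02\x01\x01" + b"\x30\x02\x05\x00" + b"\x03\x02\x00\xff"
    return b"\x30" + bytes([len(body)]) + body

if __name__ == "__main__":
    der = constructed_sample()
    pem = (b"-----BEGIN X509 CRL-----\n" + base64.encodebytes(der)
           + b"-----END X509 CRL-----\n")
    print(crl_to_der(pem) == der, crl_to_der(der) == der)
```

A file that raises `ValueError` here is truncated, is not a CRL, or is in an encoding other than PEM or DER, and should be re-fetched from the CA's distribution point rather than loaded.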