Audit Log Certificate

You can use Transport Layer Security (TLS) certificates to secure communications between the Cloud-Delivered Firewall Management Center and a trusted audit log server.

Client Certificates (Required)

Generate a certificate signing request (CSR), submit it to a Certificate Authority (CA) for signing, then import the signed certificate onto the Cloud-Delivered Firewall Management Center. Both steps are performed in the local system configuration; see Obtain a Signed Audit Log Client Certificate for the Cloud-Delivered Firewall Management Center and Import an Audit Log Client Certificate into the Cloud-Delivered Firewall Management Center.

Server Certificates (Optional)

For additional security, we recommend that you require mutual authentication between the Cloud-Delivered Firewall Management Center and the audit log server. To accomplish this, load one or more certificate revocation lists (CRLs). You cannot stream audit logs to a server whose certificate is listed as revoked in those CRLs.

Secure Firewall supports CRLs encoded in Distinguished Encoding Rules (DER) format. Note that these are the same CRLs that the system uses to validate HTTPS client certificates for the Cloud-Delivered Firewall Management Center web interface.

To configure this, use the local system configuration procedure Require Valid Audit Log Server Certificates.
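
A check for the DER requirement above that can be run before loading a CRL, as an added example that is not part of the Cisco documentation: it unwraps a PEM-armored CRL to DER and confirms the outer ASN.1 shape of an RFC 5280 CertificateList. The function names and the sample bytes are constructed for illustration.

```python
import base64
import re

PEM_CRL = re.compile(rb"-----BEGIN X509 CRL-----\s*(.+?)\s*-----END X509 CRL-----", re.S)

# Constructed sample: a CertificateList-shaped skeleton, not a real signed CRL.
SAMPLE_DER = bytes.fromhex("300b30030201013000030200ff")
SAMPLE_PEM = (b"-----BEGIN X509 CRL-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END X509 CRL-----\n")


def read_tlv(buf, pos):
    """Return (tag, end offset) of the DER element that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                        # short-form length
        end = pos + 2 + first
    else:                                   # long form: n length octets follow
        n = first & 0x7F
        octets = buf[pos + 2:pos + 2 + n]
        if n == 0 or len(octets) != n or octets[0] == 0:
            raise ValueError("indefinite or non-minimal length, not DER")
        length = int.from_bytes(octets, "big")
        if length < 0x80:
            raise ValueError("non-minimal length, not DER")
        end = pos + 2 + n + length
    if end > len(buf):
        raise ValueError("element runs past end of data")
    return tag, end


def crl_to_der(raw):
    """Return the CRL as DER bytes, unwrapping PEM armor if present."""
    match = PEM_CRL.search(raw)
    der = base64.b64decode(match.group(1)) if match else raw
    tag, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not exactly one DER SEQUENCE")
    # RFC 5280 CertificateList: tbsCertList, signatureAlgorithm, signatureValue
    pos = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    tags = []
    while pos < end:
        child_tag, pos = read_tlv(der, pos)
        tags.append(child_tag)
    if tags != [0x30, 0x30, 0x03]:
        raise ValueError("fields do not match CertificateList (signature not checked)")
    return der
```

A DER certificate has the same three-field outer shape, so this confirms the encoding only; it does not verify the CRL signature, issuer, or validity dates.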