Securely Stream Audit Logs

If you stream the audit log to a trusted HTTP server or syslog server, you can use Transport Layer Security (TLS) certificates to encrypt and authenticate the channel between the Cloud-Delivered Firewall Management Center and the server. You must generate a unique client certificate (and therefore a unique key pair) for each appliance whose audit log you want to stream; do not copy one client certificate across appliances.

Procedure


Step 1

Obtain and install a signed client certificate on the Cloud-Delivered Firewall Management Center:

  1. Obtain a Signed Audit Log Client Certificate for the Cloud-Delivered Firewall Management Center:

    Generate a Certificate Signing Request (CSR) from the Cloud-Delivered Firewall Management Center based on your system information and the identification information you supply.

    Submit the CSR to a recognized, trusted certificate authority (CA) to request a signed client certificate.

    If you require mutual authentication between the Cloud-Delivered Firewall Management Center and the audit log server (the server validates the client certificate presented by the Cloud-Delivered Firewall Management Center, and the Cloud-Delivered Firewall Management Center validates the server certificate), the client certificate must be signed by the same CA that signed the server certificate used for the connection.

  2. After you receive the signed certificate from the certificate authority, import it into the Cloud-Delivered Firewall Management Center. See Import an Audit Log Client Certificate into the Cloud-Delivered Firewall Management Center.

Step 2

Configure the communication channel with the server to use Transport Layer Security (TLS) and enable mutual authentication.

Step 3

Configure audit log streaming if you have not yet done so.
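The procedure above names the three pieces of the trust relationship (a CSR generated on the appliance, a CA that signs it, and a server certificate issued by that same CA for mutual authentication) without showing how they fit together. The following script is an added example, not Cisco's code and not what the Cloud-Delivered Firewall Management Center runs internally: it builds a throwaway PKI with the openssl command line so you can verify offline which certificates a mutual-TLS peer would accept and which it would reject. The CA name (audit-ca), the host names (syslog.example.net, cdfmc.example.net), the second CA (other-ca), and the working directory are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not Cisco's code: a throwaway PKI built with the openssl CLI to
# show the trust relationships in the audit-log procedure. The CA name, host
# names and working directory are illustrative assumptions.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Minimal req config so the example does not depend on the system openssl.cnf.
# -subj on the command line overrides the placeholder CN.
write_req_config() {
  cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
}

# The trusted CA of Step 1: a self-signed root. For mutual authentication the
# same root signs both the audit-log server certificate and the client certificate.
make_ca() {
  name="$1"
  openssl req -x509 -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=$name" -keyout "$WORK/$name.key" -out "$WORK/$name.crt" >/dev/null 2>&1
}

# Step 1, CSR generation (what the appliance does on your behalf): a fresh key
# pair per appliance plus a request carrying that appliance's identity.
make_csr() {
  name="$1"; cn="$2"
  openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=$cn" -keyout "$WORK/$name.key" -out "$WORK/$name.csr" >/dev/null 2>&1
}

# Step 1, CA signing: the extendedKeyUsage fixes the role. The appliance's
# certificate needs clientAuth; the syslog/HTTP server certificate needs serverAuth.
sign_csr() {
  name="$1"; ca="$2"; eku="$3"
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$eku" > "$WORK/$name.ext"
  openssl x509 -req -sha256 -days 365 -in "$WORK/$name.csr" \
    -CA "$WORK/$ca.crt" -CAkey "$WORK/$ca.key" -CAcreateserial \
    -extfile "$WORK/$name.ext" -out "$WORK/$name.crt" >/dev/null 2>&1
}

# The check each peer makes in the Step 2 mutual-TLS handshake: the presented
# certificate must chain to the trusted CA and be valid for its role
# (purpose sslclient for the appliance certificate, sslserver for the server's).
# Returns 0 when the peer would be accepted, 1 when it would be rejected.
verify_peer() {
  cert="$1"; ca="$2"; purpose="$3"
  out=$(openssl verify -purpose "$purpose" -CAfile "$WORK/$ca.crt" "$WORK/$cert.crt" 2>&1) || return 1
  case "$out" in *": OK"*) return 0 ;; esac
  return 1
}

build_pki() {
  write_req_config
  make_ca audit-ca
  make_csr syslog-server syslog.example.net
  sign_csr syslog-server audit-ca serverAuth
  make_csr fmc-client cdfmc.example.net
  sign_csr fmc-client audit-ca clientAuth
  # The failure mode the "same CA" note in Step 1 warns about: a client
  # certificate issued by an unrelated CA does not chain to audit-ca.
  make_ca other-ca
  make_csr stray-client cdfmc.example.net
  sign_csr stray-client other-ca clientAuth
}

if [ "${1:-}" = "demo" ]; then
  build_pki
  verify_peer fmc-client audit-ca sslclient && echo "fmc-client: accepted by audit-ca"
  verify_peer stray-client audit-ca sslclient || echo "stray-client: rejected, different CA"
fi
```

Run it as `sh mtls-audit-pki.sh demo`. The two verify calls at the end are the point: the certificate issued by audit-ca for the client role passes, while an otherwise identical certificate issued by other-ca is rejected, which is exactly why the procedure tells you to have the client certificate signed by the same CA as the server certificate when mutual authentication is enabled. Note that the private key for fmc-client never needs to leave the appliance; only the CSR goes to the CA and only the signed certificate comes back, matching the import step in Step 1.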