Configure TLS server identity

TLS server identity determines how SMC servers or NGFW Engines verify the identity of the external servers with which they communicate.

You can configure TLS server identity in the following elements:

  • Management Servers and Log Servers — Defines how the identity of the syslog server to which log data is forwarded from the Management Server or the Log Server is verified.
  • Active Directory Server or LDAP Server — Defines how the identity of the Active Directory Server or LDAP Server is verified when the LDAPS or Start TLS protocols is used to secure the LDAP connection between the external server and the Management Server and NGFW Engines.
  • Forcepoint User ID Service — Defines how the identity of the Forcepoint User ID Service that sends user identification information to the NGFW Engines is verified.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click the element for which you want to define the TLS server identity, then select Properties.
  2. Define the TLS server identity depending on the type of element.
    • Management Server or Log Server — Click the Audit Forwarding or Log Forwarding tab, double-click the TLS Server Identity cell, then define the TLS server identity settings.
    • Active Directory Server or LDAP Server — On the General tab, select LDAPS or Start TLS from the LDAP Protocol drop-down list.
    • Forcepoint User ID Service — Click the Certificate tab.
  3. From the TLS Server Identity drop-down list, select the server identity type field to be used.
  4. (Optional) Click Fetch from Certificate to fetch the value of the server identity type field from a certificate.
    Note: You can fetch the value of the server identity field from a certificate only if the server identity field is Distinguished Name, SHA-1, SHA-256, SHA-512, or MD5.
  5. In the Identity Value field, enter the value of the server identity field.
  6. Click OK.

TLS Server Identity dialog box

Use this dialog box to define the identity of a TLS server for TLS-protected audit or log data forwarding to an external syslog server, or the identity of an external LDAP or Active Directory server.

Option Definition
TLS Server Identity Field

Select the server identity type field to be used.

  • DNS Name — Use the DNS name of the server.
  • IP Address — Use the IP address of the server.
  • Common Name — Use the common name (CN) of the server.
  • Distinguished Name — Use the distinguished name (DN) of the server.
  • SHA-1 — Use SHA (Secure Hash Algorithm) hash function 1.
  • SHA-256 — Use SHA (Secure Hash Algorithm) hash function 256.
  • SHA-512 — Use SHA (Secure Hash Algorithm) hash function 512.
  • MD5 — Use MD5 Message-Digest Algorithm.
  • Email — Use the email address associated with the server.
  • User Principal Name — Use the user principal name (UPN) of the server.
Fetch From Certificate Opens the Import Certificate dialog box for fetching the value of the server identity field from a certificate.
Note: You can fetch the value of the server identity field from a certificate only if the server identity field is Distinguished Name, SHA-1, SHA-256, SHA-512, or MD5.
Server Identity Value Specifies the value for the selected field type.