Configure WildFire Appliance-to-Appliance Encryption
You can encrypt WildFire communications between appliances deployed
in a cluster. By default, WildFire appliances send data in cleartext
when communicating with management appliances as well as WildFire
cluster peers. You can use either predefined or custom certificates
to authenticate connections between WildFire appliance peers using
the IKE/IPsec protocol. The predefined certificates meet current
FIPS/CC/UCAPL-approved certification and compliance requirements.
If you want to use custom certificates instead, you must select
a FIPS/CC/UCAPL-compliant certificate; otherwise you will not be
able to import the certificate.
You can configure WildFire appliance-to-appliance encryption
locally using the WildFire CLI or centrally through Panorama. Keep
in mind that all WildFire appliances within a given cluster must run
a version of PAN-OS that supports encrypted communications.
If the WildFire appliances in your cluster use FIPS/CC
mode, encryption is automatically enabled using predefined certificates.
Depending on how you want to deploy appliance-to-appliance encryption,
perform one of the following tasks: