>
    Configure Appliance-to-Appliance Encryption Using Predefined Certificates Through the CLI
    Focus
    Download PDF
    Focus
    1. Home
    2. Advanced WildFire Powered by Precision AI™
    3. WildFire Appliance Clusters
    4. Configure WildFire Appliance-to-Appliance Encryption
    5. Configure Appliance-to-Appliance Encryption Using Predefined Certificates Through the CLI
    Download PDF
    Advanced WildFire Powered by Precision AI™

    Configure Appliance-to-Appliance Encryption Using Predefined Certificates Through the CLI

    Table of Contents

    Configure Appliance-to-Appliance Encryption Using Predefined Certificates Through the CLI

    Where Can I Use This?What Do I Need?
    • WildFire Appliance
    • WildFire License
    When configuring appliance-to-appliance encryption using the CLI, you must issue all commands from the WildFire appliance designated as the active-controller. The configuration changes are automatically distributed to the passive-controller. If you are operating a cluster with 3 or more nodes, you must also configure the WildFire cluster appliances acting as server nodes with the same settings as the active-controller.
    1. Upgrade each managed WildFire appliance to PAN-OS 9.0.
    2. Verify that your WildFire appliance cluster has been properly configured and is operating in a healthy state.
    3. Enable secure cluster communication on the WildFire appliance designated as the active-controller.
      set deviceconfig cluster encryption enabled yes
    4. (Recommended) Enable HA Traffic Encryption. This optional setting encrypts the HA traffic between the HA pair and is a Palo Alto Networks recommended best practice.
      HA Traffic Encryption cannot be disabled when operating in FIPS/CC mode.
      set deviceconfig high availability encryption enabled yes
    5. (Appliance clusters with 3 or more nodes only) Repeat steps 2-4 for the third WildFire appliance server node enrolled in the cluster.

    © 2024 Palo Alto Networks, Inc. All rights reserved.