IKEv2 Certificate Authentication Support for Stronger Authentication
Learn about SD-WAN plugin support for IKEv2 certificate-based authentication to
authenticate the IKEv2 peers.
The SD-WAN plugin now supports the certificate authentication type in addition to the
default pre-shared key type for user environments that have strong security
requirements. We support the IKEv2 certificate authentication type on
all SD-WAN supported hardware and software devices.
You can configure certificate-based authentication for the following topologies,
provided that you have configured all SD-WAN devices in the topology with the same
(or certificate) authentication type:
VPN clusters (hub-and-spoke and mesh)
PAN-OS firewalls connecting to Prisma Access compute nodes
Generate certificates for the SD-WAN
device using your own certificate authority (CA). Add and deploy the generated
certificates in bulk across your SD-WAN cluster and autogenerate the SD-WAN overlay
using the certificate-based authentication.
