Configure Appliance-to-Appliance Encryption Using Predefined Certificates Centrally on Panorama

  1. Upgrade each managed WildFire appliance to PAN-OS 8.1.x. All managed appliances must be running PAN-OS 8.1 or later to enable appliance-to-appliance encryption.
  2. Verify that your WildFire appliance cluster has been properly configured and is operating in a healthy state.
  3. On Panorama, select
    Panorama
    > Managed WildFire Clusters
    > WF_cluster_name
    > Communication.
  4. Enable
    Secure Cluster Communication.
    enable-secure-cluster-communication-panorama.png
  5. (Recommended)
    Enable
    HA Traffic Encryption. This optional setting encrypts the HA traffic between the HA pair and is a Palo Alto Networks recommended best practice.
    HA Traffic Encryption cannot be disabled when operating in FIPS/CC mode.
    enable-ha-traffic-encryption-panorama.png
  6. Click
    OK
    to save the
    WildFire Cluster
    settings.
  7. Commit
    your changes.

Recommended For You