You can encrypt WildFire communications between appliances deployed
in a cluster. By default, WildFire appliances send data in cleartext
when communicating with management appliances and with WildFire
cluster peers. You can use either predefined or custom certificates
to authenticate connections between WildFire appliance peers using
the IKE/IPsec protocol. The predefined certificates meet current
FIPS/CC/UCAPL-approved certification and compliance requirements.
If you want to use custom certificates instead, you must select
a FIPS/CC/UCAPL-compliant certificate or you will not be able to
import the certificate.

You can configure WildFire appliance-to-appliance encryption
locally using the WildFire CLI or centrally through Panorama. Keep
in mind that all WildFire appliances within a given cluster must run
a version of PAN-OS that supports encrypted communications.