Configure WildFire Appliance-to-Appliance Encryption

You can encrypt WildFire communications between appliances deployed in a cluster. By default, WildFire appliances send data in cleartext when communicating with management appliances as well as WildFire cluster peers. You can use either predefined or custom certificates to authenticate connections between WildFire appliance peers using the IKE/IPsec protocol. The predefined certificates meet current FIPS/CC/UCAPL-approved certification and compliance requirements. If you want to use custom certificates instead, you must select a FIPS/CC/UCAPL-compliant certificate or you will not be able to import the certificate.
You can configure WildFire appliance-to-appliance encryption locally using the WildFire CLI or centrally through Panorama. Keep in mind that all WildFire appliances within a given cluster must run a version of PAN-OS that supports encrypted communications.
If the WildFire appliances in your cluster use FIPS/CC mode, encryption is automatically enabled using predefined certificates.
Depending on how you want to deploy appliance-to-appliance encryption, perform one of the following tasks:
