IKEv2 Certificate Authentication Support for Stronger Authentication


Learn about SD-WAN plugin support for IKEv2 certificate-based authentication to authenticate the IKEv2 peers.
The SD-WAN plugin now supports the certificate authentication type in addition to the default pre-shared key type for user environments that have strong security requirements. We support the IKEv2 certificate authentication type on all SD-WAN supported hardware and software devices.
You can configure certificate-based authentication for the following topologies, provided that all SD-WAN devices in the topology are configured with the same authentication type (certificate):
  • VPN clusters (hub-and-spoke and mesh)
  • PAN-OS firewalls connecting to Prisma Access compute nodes
Generate certificates for the SD-WAN device using your own certificate authority (CA). Add and deploy the generated certificates in bulk across your SD-WAN cluster and autogenerate the SD-WAN overlay using the certificate-based authentication.