Your Firebox can use certificates for several purposes:

  • Firebox management session data is secured with a certificate.
  • Branch Office VPN, Mobile VPN with IKEv2, Mobile VPN with IPSec, and Mobile VPN with L2TP tunnels can use certificates for authentication.
  • When content inspection is enabled for HTTPS traffic or SMTP, POP3, or IMAP over TLS, these proxies use a certificate to re-encrypt incoming traffic after it is decrypted for inspection.
  • You can use a certificate with an inbound HTTPS proxy to protect a web server on your network.
  • When a user authenticates with the Firebox for any purpose, such as a WebBlocker override, the connection is secured with a certificate.
  • RADIUS or Firebox authentication configured to use WPA Enterprise or WPA2 Enterprise authentication methods uses a certificate.

If you use certificates for authentication, it is important to track when they expire. This helps to avoid disruptions in critical services such as VPN.

By default, your Firebox creates self-signed certificates to secure management session data and authentication attempts for Fireware Web UI and for proxy content inspection.
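One way to track expiry outside the device is to audit exported certificates with OpenSSL. This is an added example, not WatchGuard code: it assumes the certificates were exported as PEM files into one directory, and the function names `cert_status` and `audit_certs` are hypothetical. It also flags certificates whose subject and issuer match, which is how default self-signed certificates appear.

```shell
#!/bin/sh
# Added example (not vendor code). Assumes certificates were exported as PEM
# files; cert_status and audit_certs are hypothetical helper names.

# cert_status FILE [WARN_DAYS] -> prints "<STATUS> <ORIGIN> <notAfter date>"
cert_status() {
    cert=$1
    warn_days=${2:-30}
    # Reject anything openssl cannot parse as an X.509 certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "UNREADABLE"
        return 2
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        status=EXPIRED
    elif ! openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) >/dev/null; then
        status=WARN
    else
        status=OK
    fi
    # Heuristic: identical subject and issuer means self-issued, which is how
    # default self-signed certificates appear.
    subject=$(openssl x509 -in "$cert" -noout -subject)
    issuer=$(openssl x509 -in "$cert" -noout -issuer)
    if [ "${subject#*=}" = "${issuer#*=}" ]; then
        origin=SELF-SIGNED
    else
        origin=CA-ISSUED
    fi
    end=$(openssl x509 -in "$cert" -noout -enddate)
    echo "$status $origin ${end#notAfter=}"
}

# audit_certs DIR [WARN_DAYS] -> one line per *.pem; returns 1 if any is not OK.
audit_certs() {
    dir=$1
    days=${2:-30}
    rc=0
    for f in "$dir"/*.pem; do
        [ -e "$f" ] || continue
        line=$(cert_status "$f" "$days") || true
        printf '%s\t%s\n' "$f" "$line"
        case $line in OK*) ;; *) rc=1 ;; esac
    done
    return $rc
}
```

Run `audit_certs /path/to/exported-certs 30` from a scheduled job; the non-zero exit status lets the job raise an alert before a VPN or management certificate lapses.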

For more information, see: