On Sophos Firewall, if I update and regenerate the default CA, what are the implications?

I have a firewall that is set up; the default CA hasn't been customised so far.

I need to set up an S2S IPsec VPN with certificates and wanted to customise this before I did.

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Certificates/CertificateAuthorities/CertificatesDefaultCAUpdate/index.html

I can see that updating will result in regen of the CA, but will this have other implications? Do I need an outage window?

I'm not using HTTPS decrypt, and my SSL remote access VPN is using a different CA set in the global settings.

Thanks in advance.



  • Hi Callum,

    Thank you for reaching out to Sophos Community.

    You may need to update any configuration on the firewall that uses the old CA.

    If you plan to configure a Site-to-site IPsec VPN with new certificates, kindly update both ends.

    For an outage window, it's always a good idea to plan for any potential disruption due to changes. Also, make sure to make a backup configuration.

    Erick Jan
    Community Support Engineer | Sophos Technical Support