on Sophos Firewall, if I update and regenerate the default CA, what are the implications?

Question

On Sophos Firewall, if I update and regenerate the default CA, what are the implications? I have a firewall that is setup, the default CA hasn't been customised so far. 
 I need to setup a S2S IPsec VPN with certificates and wanted to customise this before I did. 
 https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Certificates/CertificateAuthorities/CertificatesDefaultCAUpdate/index.html 
 I can see that updating will result in regen of the CA, but will this have other implications, do I need an outage window? I'm not using HTTPS decrypt, my SSL remote access VPN using a different CA set in the global settings. 
 
 Thanks in advance.

Erick Jan · Answer

Hi Callum, 
 Thank you for reaching out to Sophos Community. 
 You may need to update any configuration on the firewall that uses the old CA. 
 If you plan to configure a Site-to-site IPSec VPN with new certificates, kindly update both ends. 
 For an outage window, it's always a good idea to plan for any potential disruption due to changes. Also, make sure to make a backup configuration.