do we support Multiple VPN certificates per GW? I mean GW should use different External VPN certificate per VPN community tunnel?
The partner manages one firewall of two different entities(customers), and each entity has its own CA which signs the VPN certificate used for IPSec VPN tunnel. There are two communities and two different VPN certificates.
Community A - use my.firewall.com signed by ICA-1
Community B - use my.firewall.com signed by ICA-2
Both certificates are imported in GW object under IPsec VPN tab, but when establishing VPN tunnels, GW is always sending the first certificate signed by ICA-1 no matter what tunnel is it.