Who rated this post

cancel
Showing results for 
Search instead for 
Did you mean: 
_Val_
Admin
Admin

Some answers:

  1. The default VPN authentication for S2S VPN is certificate-based. Pre-Shared is considered less secure and is only supported for cases when your VPN peer belongs to another security domain.
  2. GW VPN certificates, like all other internal certificates, are signed by your domain CA
  3. The default expiration period for VPN certificates is one year for all supported versions. You can extend it to three years, see sk176527.
  4. AFAIK, there are no SNMP traps for certificates. However, there are multiple other means to follow up and check the validity of GW VPN certificates. Look into sk104400, sk178304, sk102092, sk97792. In essence, you will have either SmartConsole warning, or you can run a CLI command to check.

View solution in original post

(1)
Who rated this post