Difference with using Domain Name VS Static IP for Firewall devices
What is the difference in using a domain name (subdomains) on your firewall devices (multiple, 10+) versus using a static IP address? Is there any difference in what you can do if you pick one over the other? Mainly, can you still use a device-to-device VPN, and would this break any SSLVPN operations?
Right now we are using "unpurchased" IP addresses for our firewall devices (TZ), and we need to purchase a CA so we can pass a PCI scan. I know if we purchase the IP address (own all rights to it) we can buy one CA with multiple SANs; however, that is a much larger cost than the alternative. The alternative is that we set up the firewalls using subdomains (multiple devices VPN into a main firewall device), so we would buy a Wildcard CA to cover an unlimited number of subdomains for the single price of only one CA, while not needing to buy multiple SANs for every location.
From what I know (not a lot) and what it seems like, it would be better for future us (we open a few locations every couple of years) if we just assign our firewall devices to use a domain/subdomain.
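The wildcard-versus-multiple-SAN choice raised in the question comes down to which names a TLS client or scanner will accept against the certificate. The sketch below is an added example, not part of the original post: it applies the usual matching rules (a wildcard only as the whole leftmost label, covering exactly one label; IP literals compared only against IP-type entries). The hostnames under `example.com` and the address `203.0.113.10` are constructed placeholders.

```python
import ipaddress

def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def san_covers(target, san_entries):
    """True if target (hostname or IP literal) matches an entry in the SAN list.

    san_entries is a list of ("DNS", name) or ("IP", address) tuples.
    """
    addr = _as_ip(target)
    if addr is not None:
        # IP literals are compared only against IP-type entries, never DNS names.
        return any(kind == "IP" and _as_ip(val) == addr for kind, val in san_entries)
    host = target.rstrip(".").lower().split(".")
    for kind, val in san_entries:
        if kind != "DNS":
            continue
        pattern = val.rstrip(".").lower().split(".")
        if len(pattern) != len(host):
            continue  # "*" stands for exactly one label, so label counts must agree
        if pattern[0] == "*":
            # Wildcard is honoured only as the whole leftmost label.
            if len(pattern) >= 3 and pattern[1:] == host[1:]:
                return True
        elif pattern == host:
            return True
    return False

def coverage_report(targets, san_entries):
    """Map each target to whether the certificate's SAN list covers it."""
    return {t: san_covers(t, san_entries) for t in targets}

# Constructed sample data: two certificate layouts and the names a scan might use.
WILDCARD_CERT = [("DNS", "*.example.com")]
MULTI_SAN_CERT = [("DNS", "vpn.example.com"), ("IP", "203.0.113.10")]
TARGETS = ["fw-store01.example.com", "fw-store02.example.com", "vpn.example.com",
           "example.com", "vpn.fw-store01.example.com", "203.0.113.10"]

if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("multi-SAN", MULTI_SAN_CERT)):
        for target, ok in coverage_report(TARGETS, cert).items():
            print(f"{label:10} {target:28} {'covered' if ok else 'NOT covered'}")
```

With the wildcard layout, every firewall has to be reached by its hostname: a connection or scan aimed at the bare IP address, the apex domain, or a two-level subdomain is reported as not covered.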