SSL Certificate for TZ470
I am looking for some guidance on the best path forward with regards to SSL Certificate for our TZ470. Our organization has 6 users that utilize NetExtender for VPN access to our internal network. During a recent risk assessment we flagged the use of the self-signed cert that is issued by SonicWall was in use during the initial connection to the router. While the risk is low that these users could be subjected to MITM attacks it could be a possibility. This could be corrected by purchasing a SSL certificate but that would then require the router to have a FQDN and thus have the DNS record more easily known.
Question is:
Is it better to leave the self-cert and not make the router widely known? Or purchase the SSL cert and update our DNS to the public IP address for the firewall?
Thanks
Answers
@William this might answer all of your questions.
Cconsidering the size I assume you're not running your own CA, therefore I would go for the commercial cert, but choose the Common Name (CN) wisely to avoid any certificate errors when connecting to the TZ.
--Michael@BWC