How certificates work

SMC servers and NGFW Engines use certificates to identify each other in system communications, and to secure communications to external components.

Note: Do not confuse certificates with licenses. Certificates are proof of identity that components use to authenticate themselves in communications. Licenses are proof of purchase used to ensure that your organization is a legal license holder of the software.

To be able to communicate with other SMC components, each SMC server and NGFW Engine must have a valid certificate.

Certificates can also be used:

  • For communication with some external components.
  • In VPNs for authentication between remote gateways.
  • By NGFW Engines for TLS inspection.

By default, the certificates used in system communications are generated by the internal certificate authority (CA) that runs on the Management Server. You can optionally install the SMC with external certificate management to use certificates issued by an external CA.

Note: You can configure the SMC to use external certificates only when you install the SMC. It is not possible to switch an existing installation to external certificates. In SMC 6.10, this feature is only available when you use the SMC Appliance.

For more information, see the Forcepoint Next Generation Firewall Installation Guide.