Secure paths are established between appliances in the SD-WAN network by using security techniques such as network encryption and virtual path IPsec tunnels. In addition to the existing security measures, certificate-based authentication is introduced in Citrix SD-WAN 11.0.2.
With certificate authentication, organizations can use certificates issued by a private Certificate Authority (CA) to authenticate appliances. The appliances are authenticated before the virtual paths are established. For example, if a branch appliance tries to connect to the data center with a certificate that does not match the certificate that the data center expects, the virtual path is not established.
The certificate issued by the CA maps a public key to the name of the appliance. That public key corresponds to the private key held by the appliance that the certificate identifies.
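The properties described above (issued by the private CA, bound to the appliance name, matching the appliance's private key) can be checked with OpenSSL before a certificate is deployed. This is an added example, not Citrix code and not a description of the appliance's internal checks. The CA names, the appliance name `branch-01`, and the helper functions are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. All names (demo-private-ca, other-ca, branch-01) are constructed.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# Create a throwaway self-signed CA. $1 = CA name
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Issue an appliance certificate. $1 = appliance name, $2 = CA name, $3 = output basename
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$3.key" -out "$WORK/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$3.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 1 -out "$WORK/$3.pem" 2>/dev/null
}

# Print "ok" and return 0 only if the certificate chains to the given CA, names the
# expected appliance, and carries the public key of the given private key.
# $1 = cert, $2 = private key, $3 = CA cert, $4 = expected appliance name
check_appliance_cert() {
  openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 || { echo "untrusted-issuer"; return 1; }
  subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253)
  subj=${subj#subject=}; subj=${subj# }   # older OpenSSL prints a space after '='
  [ "$subj" = "CN=$4" ] || { echo "name-mismatch"; return 1; }
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] || { echo "key-mismatch"; return 1; }
  echo "ok"
}

make_ca demo-private-ca                              # CA the data center trusts
make_ca other-ca                                     # CA it does not trust
issue_cert branch-01 demo-private-ca branch-01
issue_cert branch-01 other-ca        branch-01-other
CA="$WORK/demo-private-ca.pem"

# Valid certificate, then one failure per property.
check_appliance_cert "$WORK/branch-01.pem" "$WORK/branch-01.key" "$CA" branch-01
check_appliance_cert "$WORK/branch-01-other.pem" "$WORK/branch-01-other.key" "$CA" branch-01 || true
check_appliance_cert "$WORK/branch-01.pem" "$WORK/branch-01-other.key" "$CA" branch-01 || true
check_appliance_cert "$WORK/branch-01.pem" "$WORK/branch-01.key" "$CA" branch-02 || true
```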
To enable appliance authentication, at the network level, navigate to Configuration > Security > Network Security and select Enable Appliance Authentication.