KCSiE TLS decryption
We have numerous WG's installed for our customers, but we will be implementing SafeGuarding for a new install.
The majority of the devices will be BYOD.
I (am coming to appreciate that) will need to install a certificate on each device for the TLS decryption to take place.
So curious to know how any of you guys have implemented this for the easiest BYOD end user experience?
Simon.
0
Sign In to comment.
Comments
Hi @CRU_Technologies_Ltd
For BYOD devices, we designed the certificate portal which allows the firewall to host the cert for users to download.
(Certificate Portal)
https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/certificates/certificate_portal_c.html
We also provide instructions on most platforms/browsers on how to import the proxy authority certificate so that users can access the internet.
(Import a Certificate on a Client Device)
https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/certificates/import_client_cert.html
If devices get enrolled into any RMM type service as part of onboarding, it may also be possible to push the certificate to the device itself via that tool.
-James Carson
WatchGuard Customer Support