Disabling TPM (Trusted Platform Module) certificate protection during installation on the firewall

More recent models of SN 3100 firewalls offer certificate protection with TPM chips from version 3.10 of SNS and upwards.

Whenever you install an identity (.p12 format) on an SN firewall from the SMC server, certificate protection via TPM chip is enabled by default. The certificate is protected by a password stored on the TPM chip.

In SMC, TPM-protected certificates can only be used in IPSec VPN topologies with encryption profiles of the type IKEv2.

To create VPN topologies with IKEv1 encryption profiles, disable this protection using the environment variable FWADMIN_FW_TPM_DISABLED.