I am installing a Sonicwall firewall into my organization. I've connected the Sonicwall with the Active Directory domain, however now on the status page of the appliance there is a huge warning:
WARNING: LDAP is being used without TLS - this is highly insecure.
I understand that connection between the FW and the DC is made with clear text and although this is not much of a problem because the Sonicwall and the Domain Controllers are in the local network and in the same subnet, we still want to encrypt the traffic to comply with our regulations.
As I made my search on other forums people are mentioning that I need to apply a certificate to the Domain Controller as per this MS article which is also mentioning the installation of AD Certificate services.
Is there any other way to do encrypt the LDAP traffic without installation of the additional role (AD CS) on the Domain Controller? Installing additional role to the Domain Controller, just for one simple task seems like an overkill to me - like nailing a needle with a sledgehammer.
Also If I am really to install and deploy a Certification Authority to our organization what would be the impact on it? I don't have experience working with it, so are there any implications and/or problems for which I am to be aware of?
TLS requires certificates. If you don't want to install and manage your own CA, purchase/acquire a certificate from a public CA.