Currently the VPN client always prompts for approving the server certificate whenever you connect to a NG firewall via client VPN for the first time. Only workaround to bypass this, is a regkey to completely suppress certificate warnings within the client.
Why not have the same behavior like in most browsers for SSL certificates? When certificate is valid in regards of name, validity period and issuer no certificate prompt to confirm, whenever having a mismatch a warning should appear. Users are trained on this for certificate usage within web browsers, so why not use the same knowledge for VPN client?