topic SSL Over-Ride Page in General Topics https://live.paloaltonetworks.com/t5/general-topics/ssl-over-ride-page/m-p/48889#M35997 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Anyone had any luck with getting the SSL URL Over-ride page to display without a certificate error?</P><P></P><P>If I have 'transparent' mode enabled for this function I get a certificate error (it appears to replace my URL with the IP address, port 6083, which doesn;t relate to the cert used).</P><P></P><P>If I try redirect (to a Layer 3 interface on the PA as described in another article on this forum) I just get a timeout.&nbsp; I guess it may be because my rulebase doesn't permit port 6083 traffic - but I'm not sure if that's a standard port it'll always use?</P><P></P><P>Cheers for any experience!</P></BODY></HTML> Wed, 08 Feb 2012 19:48:25 GMT apackard 2012-02-08T19:48:25Z SSL Over-Ride Page https://live.paloaltonetworks.com/t5/general-topics/ssl-over-ride-page/m-p/48889#M35997 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Anyone had any luck with getting the SSL URL Over-ride page to display without a certificate error?</P><P></P><P>If I have 'transparent' mode enabled for this function I get a certificate error (it appears to replace my URL with the IP address, port 6083, which doesn;t relate to the cert used).</P><P></P><P>If I try redirect (to a Layer 3 interface on the PA as described in another article on this forum) I just get a timeout.&nbsp; I guess it may be because my rulebase doesn't permit port 6083 traffic - but I'm not sure if that's a standard port it'll always use?</P><P></P><P>Cheers for any experience!</P></BODY></HTML> Wed, 08 Feb 2012 19:48:25 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-over-ride-page/m-p/48889#M35997 apackard 2012-02-08T19:48:25Z Re: SSL Over-Ride Page https://live.paloaltonetworks.com/t5/general-topics/ssl-over-ride-page/m-p/48890#M35998 <HTML><HEAD></HEAD><BODY><P>Sounds like you should contact support regarding feature request.</P><P></P><P>Since the PAN is acting SSL-proxy (when you do SSL-termination) it should be possible for it to insert the block/continuepage in the current SSL stream instead of forcing the client to redirect into some ip-address.</P><P></P><P>At least this would look better at the clientside and you as admin wont need to expose the PAN itself for the client.</P></BODY></HTML> Thu, 09 Feb 2012 08:16:28 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-over-ride-page/m-p/48890#M35998 mikand 2012-02-09T08:16:28Z