I just ran into an issue while creating an External Dynamic List in Panorama 8.0. The source is a HTTPS address that requries a certificate profile for validation, so far so good. The problem is that I can't select any certificate profile, the list is empty. There's a certificate profile created under Device > Certificate Management > Certificate Profile for a template.
Any suggestion what can be wrong or how to do this in a correct way?
Solved! Go to Solution.
Thanks for posting in the community forums!
I tested this out.
Verify if the firewall is also running 8.0. I can replicate this behavior if the Panorama is 8.0 while the firewall is pre-8.0. Secondly, check from the firewall itself, if you are able to create a EDL(with https link) and associate a certificate profile. This is an excerpt from the Admin Guide of the Panorama:
Hope this helps.
First guess would be that you are missing the intermediate cert on your cert profile. The full chain needs to be included ...because reasons ;)
I ran into the same issue. Seems to be a design issue depending on your device group hierarchy. In my case my firewalls are in a DG under an organizational DG. For example shared > datacenter firewalls > data center A. The issue is that I am managing security policy in the "datacenter firewalls" DG, which doesn't have any devices assigned to it - this is the issue. But I'm not able to create an EDL in the "datacenter firewalls" DG and reference a cert file from the template. I hope Palo dev fixes this.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!