I have a customer who is currently only running the PA in vwire. They need to have custom URL filtering continue and override pages.
My question is what needs to be done to have the end users browsers trust the certificate in vwire?
I know in layer 3 mode I can use a pushed out trusted root certificate going to a L3 interface. Based on my testing, in vwire mode I need to use transparent filtering but even if I do that and create a wildcard certificate it doesn't trust the certificate, I think because it is going directly to IP address not a dns address. Any insights or being pointed in the right direction would be appreciated.
The URL filtering override pages work like the Captive Portal pages. The answer to the orginal question was there needs to be a layer 3 interface of some type on the device for it to use for the certificates. This can be accomplished with a loop-back interface or a regular layer 3 interface. Otherwise in transparent mode you will receive certificate errors on the clients.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!