Block VPN access for lost iphone/ipad

L2 Linker

Block VPN access for lost iphone/ipad

Hi, I followed the document on how to create VPN for IOS devices with certificates, and I got it working.

I was wondering how I can deny a device VPN access for a device which is lost or stolen. Deleting the certificate Client ID certificate on the PaloAlto Box does not help. The device can still connect.

The user can change his password but I would prefer that a connection attempt is already blocked.

Do I need to work with certificate revocation for such a feature? Is there a description how such an architecture can be used with the AploAlto? Am I right that you need an external CA instead of the PaloAlto box for such a feature?

Thanks for any help

L6 Presenter

Hi...You will need to issue client certificates whereby each iOS device will be given a cert.  The PA device can be configured to check for client certs and also check against the CRL for any revocation.  You can then revoke the particular client cert if the device is lost/stolen.


L0 Member

I have also lost my iPhone and I bought a new iPhone and I want to recover my iTunes account on my new iPhone but it shows me an error that error 4013 and I don't how to recover this and remove this error.

Cyber Elite

Somewhat the wrong forum :P (in case this isn't a Spam post)


Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!