Clear SSL opt-out response cache for client

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Clear SSL opt-out response cache for client

Not applicable

PanOS 4.1.14

How does one clear the cache for an individual client IP, so that the end-user is presented with the SSL Opt-Out page again when they next try a site which uses SSL? All I can think of is clear session all filter ssl-decrypt yes. If I do a show session all I don't know which session ID I should be clearing, if any...

Thanks

1 accepted solution

Accepted Solutions

Worked it out:

debug dataplane reset ssl-decrypt notify-cache source <IP ADDRESS>

View solution in original post

4 REPLIES 4

L4 Transporter

Have you tried using the following command -

clear session all filter ssl-decrypt yes source <source ip>.

Also, By design, the user's choice to opt-out is honored for a fixed period of 24 hours and cannot be changed.  For the purpose of testing the opt-out page, the user may wish to use a different PC / different source IP / different user.

Hmm, that doesn't seem to clear the Opt-out choice. Any other suggestions; I'm testing against a single machine - I'm sure it must be possible? I do a similar thing to clear the test user's Captive portal mapping to force reauthentication when I was testing CP.

Thanks

Worked it out:

debug dataplane reset ssl-decrypt notify-cache source <IP ADDRESS>

Awesome..I was about to give you the same command.

  • 1 accepted solution
  • 2819 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!