10-02-2013 02:54 AM
PanOS 4.1.14
How does one clear the cache for an individual client IP, so that the end-user is presented with the SSL Opt-Out page again when they next try a site which uses SSL? All I can think of is clear session all filter ssl-decrypt yes. If I do a show session all I don't know which session ID I should be clearing, if any...
Thanks
10-02-2013 03:25 AM
Worked it out:
debug dataplane reset ssl-decrypt notify-cache source <IP ADDRESS>
10-02-2013 03:10 AM
Have you tried using the following command -
clear session all filter ssl-decrypt yes source <source ip>.
Also, By design, the user's choice to opt-out is honored for a fixed period of 24 hours and cannot be changed. For the purpose of testing the opt-out page, the user may wish to use a different PC / different source IP / different user.
10-02-2013 03:20 AM
Hmm, that doesn't seem to clear the Opt-out choice. Any other suggestions; I'm testing against a single machine - I'm sure it must be possible? I do a similar thing to clear the test user's Captive portal mapping to force reauthentication when I was testing CP.
Thanks
10-02-2013 03:25 AM
Worked it out:
debug dataplane reset ssl-decrypt notify-cache source <IP ADDRESS>
10-02-2013 03:28 AM
Awesome..I was about to give you the same command.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
