08-29-2017 04:54 AM
We have finished installing the PALO ALTO 3020 on our network, but I have a problem, as follows.
Now I have a minimum of 150 PCs not joined to the domain, and we need to deploy the CA to all of them in an automated way!!!
Everyone on these PCs has a user name in Active Directory.
08-29-2017 06:53 AM
Do you have anything to manage those machines? Kace? Otherwise I guess you have to have users install the cert on their own or write a script to do it for them? Same problem here but haven't deployed SSL decryption yet.
08-30-2017 06:23 AM
I don't have anything to manage those machines; I just have Active Directory. Maybe if you have any solution, write it here, please.
08-30-2017 07:41 AM
Still, we are not working on GlobalProtect, and a non-domain-joined machine is an employee bringing his own Windows-based computer or laptop.
08-30-2017 12:02 PM
With GlobalProtect (PAN-OS 8.0.x and GP 4.0.x) you'd have the ability to install a root CA in the client's trust store ... also on non-domain-joined computers.
But in your case, the only way is that your users install the cert on their own.
09-01-2017 03:08 PM
My understanding is that I need to deploy the CA for all the users, device by device!
There is no way to deploy the CA in an automated way.
If I am correct, please tell me 🙂
09-01-2017 08:00 PM
Yes, to be able to decrypt SSL you need to install your own CA cert into all devices.
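
For the "write a script to do it for them" option raised earlier in the thread, here is one way a per-device install script could look. It is an added example, not code from any poster or from Palo Alto Networks. The file name `forward-trust-ca.cer` and the fingerprint value are placeholders; the script assumes the CA certificate was exported from the firewall without its private key and that the SHA-256 fingerprint was given to users through a separate channel.

```powershell
#Requires -RunAsAdministrator
# Added example: install the firewall's SSL decryption CA on a non-domain Windows PC.
param(
    # Hypothetical file name: the CA certificate exported from the firewall.
    [string]$CertPath = ".\forward-trust-ca.cer",
    # Placeholder: SHA-256 fingerprint of that certificate, obtained out of band.
    [string]$ExpectedSha256 = "<SHA256-FINGERPRINT-OF-YOUR-CA>"
)
$ErrorActionPreference = "Stop"
$fullPath = (Resolve-Path $CertPath).Path

# Parse the file (DER or Base64) in memory; nothing is added to a store yet.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

# 1. Fail closed unless the certificate matches the pinned fingerprint.
$sha      = [System.Security.Cryptography.SHA256]::Create()
$actual   = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($actual -ne $expected) {
    throw "Fingerprint mismatch, refusing to install. Got: $actual"
}

# 2. Only a CA certificate belongs in the trusted root store.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw "Certificate is not marked as a CA (basicConstraints)."
}

# 3. Reject expired or not-yet-valid certificates.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 4. Install once; re-running the script on the same PC changes nothing.
$store = "Cert:\LocalMachine\Root"
if (Test-Path (Join-Path $store $cert.Thumbprint)) {
    Write-Output "Already trusted: $($cert.Subject)"
} else {
    Import-Certificate -FilePath $fullPath -CertStoreLocation $store | Out-Null
    Write-Output "Installed $($cert.Subject) into $store"
}
```

Each user runs it once from an elevated PowerShell prompt, passing the real fingerprint with `-ExpectedSha256`; left at the placeholder value, the script stops at the fingerprint check.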