This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

how to manage palo alto ssl/tls service profiles using cli

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

how to manage palo alto ssl/tls service profiles using cli

jdprovine
L4 Transporter

‎07-25-2016 11:55 AM

Its easy enought to change the ssl/tls service profile in the gui but how is it done throught the cli. I want to make sure I know how to do it in case I mess up my gui access.

2 people had this problem.
6 REPLIES 6

TranceforLife
L6 Presenter

‎07-25-2016 12:36 PM - edited ‎07-25-2016 12:38 PM

Hi,

 

The best way to learn is to compare the config. So before commit, you have the option to preview the changes and choose all

 

> set shared ssl-tls-service-profile SSL/TLS-GP protocol-settings max-version
max Max
tls1-0 TLSv1.0
tls1-1 TLSv1.1
tls1-2 TLSv1.2

 

 

sj.PNGshare.PNG

 

jdprovine
L4 Transporter
In response to TranceforLife

‎07-25-2016 12:43 PM

So to go back and change these using the cli is to record the original settings and then go in the cli,  run this command

set shared ssl-tls-service-profi;e SSL/TLC-GP protocol-settomg max-version (what it was before you changed it

0 Likes Likes

TranceforLife
L6 Presenter
In response to jdprovine

‎07-25-2016 12:51 PM - edited ‎07-25-2016 12:51 PM

Hi,

 

Palo has really powerful GUI, so l am trying to use it all the time when I can. For the troubleshooting, it is better to use both CLI and GUI. Let's say you configure something and want to remember the CLI commands or make a note of it. Press commit, chose "Preview changes" then lines of context "all" and check the commands so next time you can modify or configured using CLI if you wish to. 

 

Cheers,

Myky

0 Likes Likes

jdprovine
L4 Transporter
In response to TranceforLife

‎07-25-2016 12:58 PM

Great advice. The thing is we are change the ssl/tls service profile for the management interface and just to be safe we wanted to make sure if we lost access to it through the gui interface we had the option to use the cli to access and change it bakc

0 Likes Likes

jdprovine
L4 Transporter
In response to TranceforLife

‎07-25-2016 01:13 PM

oh this is just the output of your config audit, its not how to set it using the cli commands

0 Likes Likes

TranceforLife
L6 Presenter
In response to jdprovine

‎07-25-2016 01:22 PM

yes it is but you still have the option to create a new one:

 

> set shared ssl-tls-service-profile
SSL/TLS-GP SSL/TLS-GP
sss sss
<value> Profile name

(1)
  • 14559 Views
  • 6 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks