- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
07-25-2016 11:55 AM
Its easy enought to change the ssl/tls service profile in the gui but how is it done throught the cli. I want to make sure I know how to do it in case I mess up my gui access.
07-25-2016 12:36 PM - edited 07-25-2016 12:38 PM
Hi,
The best way to learn is to compare the config. So before commit, you have the option to preview the changes and choose all
> set shared ssl-tls-service-profile SSL/TLS-GP protocol-settings max-version
max Max
tls1-0 TLSv1.0
tls1-1 TLSv1.1
tls1-2 TLSv1.2
07-25-2016 12:43 PM
So to go back and change these using the cli is to record the original settings and then go in the cli, run this command
set shared ssl-tls-service-profi;e SSL/TLC-GP protocol-settomg max-version (what it was before you changed it
07-25-2016 12:51 PM - edited 07-25-2016 12:51 PM
Hi,
Palo has really powerful GUI, so l am trying to use it all the time when I can. For the troubleshooting, it is better to use both CLI and GUI. Let's say you configure something and want to remember the CLI commands or make a note of it. Press commit, chose "Preview changes" then lines of context "all" and check the commands so next time you can modify or configured using CLI if you wish to.
Cheers,
Myky
07-25-2016 12:58 PM
Great advice. The thing is we are change the ssl/tls service profile for the management interface and just to be safe we wanted to make sure if we lost access to it through the gui interface we had the option to use the cli to access and change it bakc
07-25-2016 01:13 PM
oh this is just the output of your config audit, its not how to set it using the cli commands
07-25-2016 01:22 PM
yes it is but you still have the option to create a new one:
> set shared ssl-tls-service-profile
SSL/TLS-GP SSL/TLS-GP
sss sss
<value> Profile name
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!