cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

I was able to reproduce the exact same issue.

 

If you are not a non vsys firewall and on a previous version with GP Config, as soon as you move to 7.0.X, it creates a corresponding SSL/TLS profile under vsys config. Now this cannot be accesses via GUI or CLI.

 

Here is what you can do to get rid of it.

 

1. Create a similar SSL/TLS profile under shared hierarchy but with a different name. Bind the same certificate as the previous one.

 

2. Change the SSL/TLS profile binded to the Portal and Gateway configs to this new one.

 

3. Delete the SSL/TLS profile using either of below methods:

    a) Export and delete config

        i. Export this candidate config using config snapshot to your PC.

        ii. Go to the SSL/TLS profile under shared hierarchy and delete the profile. Save the file

        iii. Reimport this config into firewall and load the config, and then commit

 

    b) Using XML APIs

        i. Generate XML API Key using a broswer tab: https://<hostname>/api/?type=keygen&user=<username>&password=<password>

        ii. Note the keyvalue. Use this in the next step

        ii. Copy the following URL in the browser: https://<hostname>/api/?type=config&action=delete&key=<keyvalue>&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ssl-tls-service-profile/entry[@name='GP_GD_Chained_2019-ssl-tls-service-profile']

 

 

View solution in original post

Who rated this post