Hi guys, I've found out what the problem was. When using multiple virtual systems, if the Location drop-down menu under Device Certificates is set to "Shared", I am able to reproduce the problem where I can check the checkbox for Forward Trust Certificate, click OK, but then the check disappears. When I select a specific virtual system, I can see that the Forward Trust Certificate is checked and I can also remove the check. So the key is to be in an actual virtual context when enabling or disabling the Forward Trust Certificate option, rather than be in the shared context. The WebUI is misleading because under the shared context, the Forward Trust Certificate checkbox displays as an option and can be checked, but since the check disappears after clicking OK, it gives the impression that the feature is not enabled. The logs even show that the option was set successfully in the config logs. The WebUI should be updated to let the user know that the option should only be enabled under the appropriate virtual context. PA support also didn't know about this behaviour and they mentioned that they'll be writing a KB article to document it.
... View more