This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About conceptelectronics
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About conceptelectronics
01-08-2020
4Posts
1Like
0Solutions
Jan 08, 2020Last Visited
User
Activity
User
Profile
Latest posts by conceptelectronics
| Subject | Views | Posted |
|---|---|---|
| 1998 | 04-11-2013 11:37 PM | |
| 2031 | 04-05-2013 03:14 AM | |
| 2171 | 04-04-2013 08:54 AM | |
| 5092 | 04-04-2013 12:11 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 04-04-2013 12:11 AM |
User Badges
Community Statistics
| Member Since | 01-28-2011 11:31 PM |
| Date Last Visited | 01-08-2020 12:59 AM |
| Posts | 4 |
| Total Likes Received | 1 |
04-11-2013
11:37 PM
Hello, Can anyone tell me if there is a known list with compatible smart-card types and vendors, that can be used with Global Protect, Or if there is any known issue with any of the types or vendors. Thanks, Costin
... View more
Labels:
- Labels:
-
Configuration
-
Troubleshooting
04-05-2013
03:14 AM
Thanks, That solved the cache clearing problem, but I still have an issue with the ocsp update time. And also there is a difference in the time showed on the device and in the ocsp debug. admin@pa5050(active)> debug sslmgr view ocsp all Current time is: Fri Apr 5 10:19:48 2013 Count Serial Number (HEX) Status Next Update Revocation Time Reason Issuer Name Hash OCSP Responder URL ------- ---------------------------------------- ----------- ------------------------ ------------------------ ---------- [ 1] 15BA94EB8D8B7993 valid Apr 11 15:02:34 2013 GMT 09b9f61a http://tpp.sniep.ro/ocsp admin@pa5050(active)> show clock Fri Apr 5 13:19:55 EEST 2013 admin@pa5050(active)>
... View more
04-04-2013
08:54 AM
Hi, We are implementing a SSL-VPN solution using Global Protect and our own CA. From what I have seen the OCSP queries are made on demand, when the certificate is presented for the first time, and then at a fixed interval(60 minutes). I tried changing the interval using the "debug sslmgr set ocsp-next-update-time" but did not have any effect on the update interval. I wanted to test the PKI infrastructure and modify the state of a certain certificate. Even though I cleared the ocsp cache "debug sslmgr delete ocsp all", when I used the certificate for witch PA had cached a oscp query(that I deleted earlier) PA used the old state of the certificate. Is there any other way to effectively clear the ocsp cache, or modify the ocsp update time? Thanks, Costin
... View more
Labels:
- Labels:
-
Configuration
-
Troubleshooting
04-04-2013
12:11 AM
1 Kudo
Hi! we are trying to implement a SSL VPN connection through Global Protect using certificates from our own CA. We imported the root, intermediate and server certificate, but after configuring the portal we see an warning after commit: " cannot find complete certificate chain for certificate.." , and we don't see any traffic from the Palo Alto trying to validate the certificate. I would like to know if there is any way to see from CLI the source of this error, in order to troubleshoot the problem. Thanks!
... View more
Labels:
- Labels:
-
Configuration
-
Troubleshooting
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks