Hi, is there, and if so what is, the difference in processing speed of a PA rulebase when the most-hit rules are on top vs. when the most-hit rules are spread throughout the rulebase? For example: imagine a rulebase of 15000 rules. What would be the processing speed difference if a certain rule is hit 10000 times a day if it's on top (say the 1st rule in the rulebase) or when it is the last rule in the rulebase?
@Sec101 As I had the same question I did some investigation 🙂 You need to:
- Enable OCSP checking in Device > Session => Decryption Settings
- Create an HTTP OCSP Service Management Profile under Network Profiles > Interface Management
- Create an OCSP Responder under Device > Certificate Management > OCSP Responder
- Create Client Certificates with this Responder as OCSP Responder
- Make sure OCSP checking is enabled on the Certificate Profile used for GP

Next to that: pay attention that if you revoke the certificate in the Certificate store it isn't automatically and immediately revoked for the GP service, as OCSP is cached on the FW. To immediately have effect you need to execute the following commands in the CLI:

debug sslmgr delete ocsp all (or instead of all, tab-complete with your OCSP URL)
debug dataplane reset ssl-decrypt certificate-status

Now the certificate will be revoked and if the client tries to (re)connect it will get that message.
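Because the firewall caches OCSP answers, it helps to ask the responder directly after a revocation, so a stale FW cache can be told apart from a responder that never learned about the revocation. This added example (not from the post above, and not a PAN-OS tool) uses `openssl ocsp`; it assumes you have the issuing CA certificate, the client certificate and the responder URL you configured under Device > Certificate Management > OCSP Responder.

```shell
#!/bin/sh
# Added example: query the OCSP responder for one GlobalProtect client
# certificate and reduce the answer to a single status word.

# Turn the text output of `openssl ocsp` into one of: good, revoked, unknown, error.
# $1: the complete output of `openssl ocsp`
ocsp_status_from_output() {
    case "$1" in
        *"Response verify OK"*) ;;          # responder signature checked out
        *) echo "error"; return 1 ;;        # unverified answer: do not trust the status
    esac
    # Status lines look like "client.pem: revoked"; indented detail lines are skipped.
    echo "$1" | awk -F': ' '/^[^ \t].*: (good|revoked|unknown)$/ { print $2; exit }'
}

# Query the responder. $1: issuing CA cert (PEM), $2: client cert (PEM), $3: responder URL
# (all three are assumed inputs you supply).
check_ocsp() {
    out=$(openssl ocsp -issuer "$1" -cert "$2" -url "$3" -CAfile "$1" 2>&1) || true
    ocsp_status_from_output "$out"
}

# Usage: check_ocsp ca.pem client.pem http://ocsp.example.invalid   (placeholder URL)
```

If this prints `revoked` while GlobalProtect still accepts the certificate, the firewall's cached OCSP entry is the cause and the two debug commands from the post apply.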