Device Certificates with External Dynamic Lists (EDL) Video


This is a follow-up video blog explaining how to create device certificates (certs) when dealing with External Dynamic Lists (EDL) on a Palo Alto Networks device.

 

Ryan Pere helps explain the process in the following video:


This is a follow-up to Ryan's first video on External Dynamic Lists (EDL), which was published a couple of months ago.

 

Here is that previous EDL blog:
https://live.paloaltonetworks.com/t5/blogs/configure-external-dynamic-lists-edl-video-tutorial/ba-p/...

 

And here is that other video on External Dynamic Lists if you didn't see it:
https://www.youtube.com/watch?v=QFVI4sOFoaI

 

Thanks for taking time to read my blog.
If you enjoyed this, please hit the Like (thumb up) button, and don't forget to subscribe to the LIVEcommunity Blog area.

 

As always, we welcome all comments and feedback in the comments section below.

 

Stay Secure,
Joe Delio
End of line

1 Comment
L0 Member

I am unsure still as to why this is needed. I am assuming that when the firewall connects to a TLS secured EDL site that it would, as part of the TLS handshake, verify the Site with the default CA Trust list, which would already contain the DigiCert Root CA. I know the Palo firewalls are not smart enough to reach out and complete the Certificate chain if the Site is not configured correctly with the Sub CA chain, but if it is, there should be no need to add the Sub CA.

If the firewall is verifying the Cert during the TLS handshake, which it should be doing, then the Certificate profile is not needed, as it is doing the same thing, except limiting the Site to only work if the TLS certificate is signed by the one and only CA. What happens if the Site owner decided to utilise a different CA the next time the site certificate needs to be renewed? The EDL will fail to be updated on the firewalls.
