A remote administrator needs firewall access on an untrusted interface. Which two components are required on the firewall to configure certificate-based administrator authentication to the web UI? (Choose two.)
B and C. Step 1. Generate a CA certificate ON THE FIREWALL. Step 2. Create a certificate profile for securing access to the web interface. The cruxt of the question is what is needed ON THE FIREWALL
BC -
Just worked through the links and you can't have the config on FW without the cert profile (Configure the firewall to use the certificate profile for authenticating administrators on the interface.) You also need the CA cert to generate the client certs for the admins, but then you will export them and don't need them anymore on the fw!?! Correct me if I'm wrong here, haven't LABed it yet. So answer CAcert & cert profile.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/firewall-administration/manage-firewall-administrators/configure-administrative-accounts-and-authentication/configure-certificate-based-administrator-authentication-to-the-web-interface
You need a CA, cert profile and client cert.
You are 100% correct, however the question mentions " Which two components are required on the firewall" , so I guess it should be CA and Cert Profile. (BC)
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
GBD35055
Highly Voted 12 months agoTAKUM1y
Highly Voted 10 months, 3 weeks agohz78
Most Recent 4 months, 2 weeks agoadoua
9 months, 1 week agomz101
10 months, 1 week agobimyo
1 year agoDrNick0
1 year agosujss
8 months agomillosz222
1 year ago