While creating a new External Dynamic List from Panorama we cannot specify a Certificate Profile if the EDL is Shared
17682
Created On 06/09/20 10:52 AM - Last Modified 04/14/23 17:14 PM
Symptom
When creating a new EDL from Panorama we cannot choose a Certificate Profile if 'Shared' option is checked.
Environment
Any Physical or Virtual Panorama running PAN-8.0 or higher.
Cause
This is by design since Certificate Profile feature is introduced for EDL in 8.0 onwards.
Resolution
Certificate Profile needs to be created per Vsys/Template.
Workaround
------------------------------
If you have a Global template that is referenced in multiple template stacks, the certificate profile can be created on the Global one.
This will inherit the certificate profiles to all those referenced template stacks.
The certificate profile will be then available for all the corresponding device groups.
It will let you create a device group-specific EDL profile. Shared EDL will still not be available.