我们如何验证 SC3 注册过程已完成?

我们如何验证 SC3 注册过程已完成?

6068
Created On 04/16/24 02:14 AM - Last Modified 01/03/25 10:41 AM


Question


当 sc3 注册过程启动时,如何验证 sc3 注册过程是否完成?

Environment


  • 全景
  • 防火墙
  • PAN-OS 10.1 及以上版本

Answer


  1. 一旦在防火墙上配置了 Authkey,防火墙就会将CSR发送到 Panorama 并获取 Panorama 签名的证书。
  2. 要验证 SC3 注册过程是否完成,请检查防火墙是否具有 Panorama 签名证书。
  3. Panorama 上显示的证书主题名称字段应与防火墙证书CN ( cfg.ms.cc ) 匹配。
  4. 防火墙和 Panorama 上的CLI 命令如下所示,其中突出显示了证书名称。
Firewall > show system state filter cfg.ms*

cfg.ms.ca: 6d49b9fe-3e9a-49e7-bd12-0e6b0dd0ada7
cfg.ms.cc: 2dd89c4a-54b2-40cb-888e-5b9524c4bc4b

Panorama > show devices connected

Serial                   Hostname        IPv4            IPv6                             Connected
--------------------------------------------------------------------------
012001061717             Lab32-188-PA-820 10.194.32.188   unknown                                yes
Wildfire Real-time Stream Disabled  VPN Disable Mode: no
  Operational Mode: normal
  HA Cluster State: cluster-unknown
  Certificate Status: 
  Certificate subject Name: 2dd89c4a-54b2-40cb-888e-5b9524c4bc4b
  Certificate expiry at: 2024/07/01 08:12:14
  Connected at: 2024/04/02 17:12:45
  Custom certificate Used: no
  Virtual Systems:
    vsys1(vsys1) shared policy md5sum:()
           shared policy version:
  Last masterkey push status: Unknown
  Last masterkey push timestamp:  none
  Express mode: no
 Device cert present : None
 Device cert expiry date : N/A

Total Connected Devices: 1


Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008XnLCAU&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language