Is your feature request related to a problem? Please describe.
The initial implementation of the plugin in #2613 ignores all TLS certificates by hardcoded default. This practice is very bad from a security standpoint.
Describe the solution you'd like
Really, the default should always be to verify. Options to disable verification, or to pin to a specific certificate should be added to ipdevpoll.conf. However, pinned certificates could be different for each firewall, which would require an equally stupid mechanism to pin a certificate for each Palo Alto IP device. The latter we might instead want to store as a custom attribute of the Netbox itself, and just a config option in ipdevpoll.conf to tell the plugin to use that whenever present?
Describe alternatives you've considered
Leave things as they are.
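
The policy requested above, sketched as an added example (not code from NAV or from the plugin in #2613): verification is the default, it can be switched off explicitly, and a per-device pin is used whenever one is present. The option names `verify` and `use_device_pin`, the device attribute `tls_cert_sha256`, and the use of Python's standard `ssl` module are assumptions made for this sketch.

```python
import configparser
import hashlib
import hmac
import ssl

# Constructed sample config. The option names and the per-device attribute
# name are hypothetical, chosen for this sketch; they are not NAV's.
SAMPLE_CONF = "[paloaltoarp]\nverify = yes\nuse_device_pin = yes\n"
PIN_ATTR = "tls_cert_sha256"


def resolve_policy(conf_text, device_attrs):
    """Return (mode, pin) for one device; mode is verify, pin or insecure."""
    conf = configparser.ConfigParser()
    conf.read_string(conf_text)
    # A missing section or option falls back to the safe default: verify.
    verify = conf.getboolean("paloaltoarp", "verify", fallback=True)
    use_pin = conf.getboolean("paloaltoarp", "use_device_pin", fallback=False)
    pin = device_attrs.get(PIN_ATTR)
    if use_pin and pin:
        return "pin", pin
    return ("verify", None) if verify else ("insecure", None)


def build_context(mode):
    """Build the client-side SSLContext for a resolved mode."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check
    if mode in ("pin", "insecure"):
        # Pinned devices often use self-signed certificates, so CA validation
        # is off and pin_matches() becomes the trust decision after handshake.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def pin_matches(der_cert, pin):
    """Compare the SHA-256 of a DER certificate against a configured pin.

    der_cert is what SSLSocket.getpeercert(binary_form=True) returns.
    """
    actual = hashlib.sha256(der_cert).hexdigest()
    expected = pin.replace(":", "").strip().lower()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    for attrs in ({}, {PIN_ATTR: "ab" * 32}):
        mode, pin = resolve_policy(SAMPLE_CONF, attrs)
        print(mode, build_context(mode).verify_mode.name)
```

In `pin` mode the connection must be dropped when `pin_matches()` returns false, since the context itself no longer rejects anything.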