CIS Palo Alto Firewall 6 Benchmark L1 V1.0.0

Ensure ‘Verify Update Server Identity’ is enabled

Details

This setting determines whether or not the identity of the update server must be verified before performing an update session.

Note that if an SSL Forward Proxy is configured to intercept the update session, this option may need to be disabled.

Rationale:

Verifying the update server identity before package download ensures the packages originate from a trusted source. Without this, it is possible to receive and install an update from a malicious source.

Solution

Navigate to Device > Setup > Services > Services.
Set the Verify Update Server Identity box to checked.

or

To remediate this setting, execute the following CLI command:

set deviceconfig system server-verification yes

Default Value:

Not configured
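
To audit this setting offline from an exported configuration file, the check below can be used. It is an added example, not part of the benchmark or of any Palo Alto tooling. It assumes the CLI path deviceconfig system server-verification appears as the same element path under each devices/entry in the exported XML; the sample configurations are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample exports (not from a real device). Assumption: the CLI path
# "deviceconfig system server-verification" maps to the same element path
# under each <devices>/<entry> in the exported configuration XML.
COMPLIANT = """<config><devices><entry name="localhost.localdomain">
  <deviceconfig><system><hostname>fw-lab</hostname>
    <server-verification>yes</server-verification>
  </system></deviceconfig></entry></devices></config>"""

DEFAULT = """<config><devices><entry name="localhost.localdomain">
  <deviceconfig><system><hostname>fw-lab</hostname></system></deviceconfig>
</entry></devices></config>"""

DISABLED = COMPLIANT.replace(">yes<", ">no<")


def audit_server_verification(config_xml):
    """Return a list of (device, status, detail), one per device entry.

    status is "PASS" only when server-verification is explicitly "yes".
    A missing element is the "Not configured" default and is reported as FAIL.
    """
    root = ET.fromstring(config_xml)
    results = []
    for entry in root.findall("./devices/entry"):
        name = entry.get("name", "<unnamed>")
        node = entry.find("./deviceconfig/system/server-verification")
        if node is None:
            results.append((name, "FAIL", "not configured"))
        elif (node.text or "").strip().lower() == "yes":
            results.append((name, "PASS", "yes"))
        else:
            results.append((name, "FAIL", (node.text or "").strip() or "empty"))
    if not results:
        results.append(("<none>", "FAIL", "no device entry found"))
    return results


if __name__ == "__main__":
    samples = (("compliant", COMPLIANT), ("default", DEFAULT), ("disabled", DISABLED))
    for label, xml in samples:
        for device, status, detail in audit_server_verification(xml):
            print(f"{label:10} {device}: {status} ({detail})")
```

A FAIL with detail "no" may be an intentional exception where an SSL Forward Proxy intercepts the update session, as noted under Details; record it as a documented deviation rather than treating it as compliant.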

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity. This control applies to the following type of system: Palo_Alto.


Updated on July 16, 2022