How to Disable TLS version 1.0 Negotiation on Panorama management interface
Created On 02/28/19 22:34 PM - Last Modified 07/11/24 13:12 PM
Objective
How to Disable TLS version 1.0 Negotiation on Panorama management interface
Environment
- Any Panorama.
- Software version 8.1 and above.
Procedure
The SSL/TLS profile does not apply to the Panorama connection that uses port 3978 to connect to the managed firewall.
- From the CLI, run the following command to check the current setting
PA> show management-server disable-tls1-0-status
Disable Management server SSL TLSv1.0 negotiation set to False
A setting of False means TLSv1.0 negotiation is enabled.
- From the CLI, run the following command to disable TLS 1.0
PA> set management-server disable-tls1-0 True
Disable SSL TLSv1.0 negotiation for management server set to True
- Restart the management server
PA> debug software restart process management-server
Process mgmtsrvr was restarted by user admin
- Confirm the change using the following command
PA> show management-server disable-tls1-0-status
Disable Management server SSL TLSv1.0 negotiation set to True
A setting of True means TLSv1.0 negotiation is now disabled.
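The CLI status can also be cross-checked from an admin workstation by offering the management interface a TLS 1.0-only handshake and seeing whether it is accepted. The following is an added example, not part of the original article or Palo Alto Networks tooling; the port (TCP 443) and the function names are assumptions, and the hand-built ClientHello avoids depending on whether the local OpenSSL build still permits TLS 1.0.

```python
import os
import socket
import struct

# Assumption: the management web interface listens on TCP 443.
MGMT_PORT = 443
# RSA and ECDHE-RSA suites (AES/3DES with SHA-1) that a TLS 1.0 server can select.
SUITES = [0xC014, 0xC013, 0x0035, 0x002F, 0x000A]


def build_tls10_client_hello() -> bytes:
    """Build a minimal ClientHello that offers TLS 1.0 (0x0301) and nothing newer."""
    suites = b"".join(struct.pack("!H", s) for s in SUITES)
    body = (
        b"\x03\x01"                                # client_version = TLS 1.0
        + os.urandom(32)                           # client random
        + b"\x00"                                  # empty session id
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                              # one compression method: null
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def classify_reply(reply: bytes) -> str:
    """Interpret the first bytes the server sends back to the TLS 1.0 hello."""
    if not reply:
        return "rejected"                          # connection closed without a record
    if reply[0] == 0x15:
        # Alert record. Usually protocol_version (70); handshake_failure (40)
        # would instead point to no shared cipher suite.
        return "rejected"
    if reply[0] == 0x16 and len(reply) >= 6 and reply[5] == 0x02:
        return "accepted"                          # ServerHello: TLS 1.0 still negotiable
    return "unknown"


def probe(host: str, port: int = MGMT_PORT, timeout: float = 5.0) -> str:
    """Send the TLS 1.0 hello to host:port and classify the response."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_tls10_client_hello())
            return classify_reply(sock.recv(16))
    except (ConnectionResetError, BrokenPipeError):
        return "rejected"


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

After the management server restart, `probe("<panorama-mgmt-ip>")` should return "rejected"; "accepted" means the interface still negotiates TLS 1.0.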
Additional Information
Note: Restarting the management server restarts all the management-related processes. SSH and web sessions will be disconnected. If required, run these commands during a maintenance window.