GUI access to a firewall or Panorama is lost after configuring or modifying an SSL/TLS service profile for management access in PAN-OS 11.0

GUI access to a firewall or Panorama is lost after configuring or modifying an SSL/TLS service profile for management access in PAN-OS 11.0

10104
Created On 10/03/23 08:20 AM - Last Modified 10/03/23 15:00 PM


Symptom


GUI access is lost after creating or modifying a management access SSL/TLS profile with the following configuration:
  • Min version: TLSv1.2
  • Max version: Max

Environment


  • PAN-OS 11.0
  • Any Palo Alto Firewall or Panorama

Cause


Support for TLSv1.3 management access was added in PAN-OS 11.0 via new General Settings fields, and the interaction between this new feature and the TLS/SSL profile settings caused a conflict.

Resolution


This issue will be addressed in a future code release for 11.0. Until then, the workaround below can be used to avoid losing access to the GUI:
  1. Navigate to the General Settings under Device/Panorama > Setup > Management > General Settings and then click on Management TLS mode and change it to mixed-mode and click OK.
  2. Change the Management TLS mode to exclude-tlsv1.3 and then click OK.
  3. Commit
    1. If performed from a Panorama Device Template, push the change to the firewalls.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000g2K1CAI&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language