GUI not working after upgrade of the the firewall to 11.0.0.

GUI not working after upgrade of the the firewall to 11.0.0.

27417
Created On 12/21/22 01:01 AM - Last Modified 01/05/23 03:59 AM


Symptom


  • PAN-OS upgraded on the firewall to 11.0.0
  • GUI connectivity does not work.
  • GlobalProtect Portal configured on the Firewall does not work either
  • Accessing the portal URL using Web browser displays "ERR_SSL_KEY_USAGE_INCOMPATIBLE" 

Environment


  • Palo Alto Firewall Upgrade PAN-OS 11.0.0.
  • SSL-TLS profile configured for Web Access.
  • GlobalProtect Portal configured 

Cause


  • When SSL/TLS service profile, protocol setting's max version is set to max.
  • The client machine using TLSv1.2 fails to negotiate with the server which is responding at TLSv1.3.
  • The issue is seen when configured SSL-TLS profile is used either in the GlobalProtect configuration or for management Web Access.

Resolution


  1. Set the TLS max version to 1.2 using CLI
> set shared ssl-tls-service-profile <SSL policy> protocol-settings max-version TLSv1.2
> configure
# commit
# exit

Or If one has access to GUI, Use

  1. Device > certificate management > SSL/TLS service profile
  2. Use the dropdown to set e protocol settings to the TLSv1.2:

image.png


 

Additional Information


4 Jan 22 (Vijay) - Article updated with Adnan and published external.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000saCQCAY&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language