How to disable TLS v1.0 and TLS v1.1 on SCM managed Prisma Access GlobalProtect Portal with custom domain name

Created On 06/17/25 10:56 AM - Last Modified 10/21/25 20:16 PM


Objective


  • Due to security concerns, many companies have a security requirement to use TLS v1.2 as the minimum TLS version.
  • However, on a Prisma Access GlobalProtect Portal with a custom domain name, TLS v1.0 and TLS v1.1 might be enabled.
  • This article describes how to disable TLS v1.0 and TLS v1.1 on an SCM managed Prisma Access GlobalProtect Portal with a custom domain name.


Environment


  • Prisma Access managed by Strata Cloud Manager
  • GlobalProtect Portal with custom domain name configured


Procedure


  1. Open the Strata Cloud Manager portal.
  2. Navigate to Manage -> Configuration -> NGFW and Prisma Access, change the configuration scope to GlobalProtect (top of page), then go to Objects -> Certificate Management -> SSL/TLS Service Profiles -> "muCustomDomainSSLProfile".
  3. The "muCustomDomainSSLProfile" SSL/TLS Service Profile manages the TLS settings for the GP portal. Change the minimum TLS version to v1.2 there and save the changes.
  4. Perform Push Config.
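
To confirm the result after the push, the following check offers the portal one TLS version at a time and reports whether TLS v1.0 and v1.1 are refused while v1.2 still works. It is an added example, not part of the original article or any Palo Alto Networks tooling; the function names are illustrative, and it assumes the portal answers on TCP 443 at the custom domain name passed as the argument.

```python
import socket
import ssl
import sys

# (label, protocol version, whether the local OpenSSL build can offer it)
VERSIONS = [
    ("TLSv1.0", ssl.TLSVersion.TLSv1, ssl.HAS_TLSv1),
    ("TLSv1.1", ssl.TLSVersion.TLSv1_1, ssl.HAS_TLSv1_1),
    ("TLSv1.2", ssl.TLSVersion.TLSv1_2, ssl.HAS_TLSv1_2),
]

def probe(host, version, port=443, timeout=5.0):
    """Offer exactly one TLS version; return 'accepted', 'rejected' or 'unknown'."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Only the negotiated version matters and no data is sent, so
        # certificate validation is skipped for this probe.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        # OpenSSL 3 will not offer TLS 1.0/1.1 at its default security level.
        ctx.set_ciphers("ALL:@SECLEVEL=0")
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ssl.SSLError, ValueError):
        return "unknown"  # this client cannot offer the version at all
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unknown"  # unreachable: says nothing about the TLS settings
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "accepted" if tls.version() else "unknown"
    except (ssl.SSLError, ConnectionError):
        return "rejected"  # handshake alert or connection reset by the server
    except OSError:
        return "unknown"  # for example, a handshake timeout
    finally:
        sock.close()

def audit(host, prober=probe):
    """Compliant means TLS v1.0 and v1.1 are rejected and v1.2 is accepted."""
    results = {label: prober(host, v) if usable else "unknown"
               for label, v, usable in VERSIONS}
    compliant = list(results.values()) == ["rejected", "rejected", "accepted"]
    return results, compliant

if __name__ == "__main__":
    outcome, ok = audit(sys.argv[1])  # argument: the portal's custom domain name
    print(outcome)
    sys.exit(0 if ok else 1)
```

An "unknown" result for v1.0 or v1.1 means the client running the check could not offer that version or could not reach the portal, so it is not evidence that the portal refuses it.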

