How Do I Choose a Cipher to Negotiate (disable or enable ciphers) in GlobalProtect?
Created On 04/15/19 19:57 PM - Last Modified 10/31/20 00:41 AM
How do I choose which ciphers are negotiated (disable or enable ciphers) in GlobalProtect on PAN-OS 8.1?
- PAN-OS 8.1 and above
- Palo Alto Networks Firewall
- SSL/TLS service profile
It is now possible to choose which ciphers are negotiated (disable or enable ciphers) in GlobalProtect on PAN-OS 8.1.
This can be done only via the CLI, not in the web interface.
Here is the command, followed by the options the CLI offers for it:
    > configure
    # set shared ssl-tls-service-profile <name> protocol-settings
    + auth-algo-sha1      Allow authentication SHA1
    + auth-algo-sha256    Allow authentication SHA256
    + auth-algo-sha384    Allow authentication SHA384
    + enc-algo-3des       Allow algorithm 3DES
    ….
NOTE: This feature was added in PAN-OS 8.1, so it is not available in prior versions.
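As an added example (not part of the original article): turning off two of the options listed above, SHA1 authentication and 3DES encryption, on one profile, then reviewing and committing the change. `<name>` is the placeholder from the command above; the `no` value and the choice of these two algorithms are assumptions made for the illustration.

```text
> configure
# set shared ssl-tls-service-profile <name> protocol-settings auth-algo-sha1 no
# set shared ssl-tls-service-profile <name> protocol-settings enc-algo-3des no
# show shared ssl-tls-service-profile <name>
# commit
```

The change takes effect only after the commit, and it applies to every service that references this SSL/TLS service profile, not just GlobalProtect.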