How Do I Choose a Cipher to Negotiate (disable or enable ciphers) in GlobalProtect?

Created On 04/15/19 19:57 PM - Last Modified 10/31/20 00:41 AM


Question
How do I choose which ciphers are negotiated (disable or enable ciphers) in GlobalProtect on PAN-OS 8.1?

Environment
  • PAN-OS 8.1 and above
  • Palo Alto Networks Firewall 
  • SSL TLS profile.
 
 


Answer
Starting with PAN-OS 8.1, you can choose which ciphers GlobalProtect negotiates by enabling or disabling them individually.
This can be done only from the CLI, not from the web interface.
 
Here is the command. The lines beginning with + are the options the CLI lists for it:
> configure
# set shared ssl-tls-service-profile <name> protocol-settings
+ auth-algo-sha1         Allow authentication SHA1
+ auth-algo-sha256       Allow authentication SHA256
+ auth-algo-sha384       Allow authentication SHA384
+ enc-algo-3des          Allow algorithm 3DES
….


NOTE: This feature was added in PAN-OS 8.1, so it is not available in prior versions.
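
A check that can follow the change, as an added example that is not part of the original article or Palo Alto Networks code: it reads configuration lines in set format and reports, per SSL/TLS service profile, which of the article's listed options auth-algo-sha1 and enc-algo-3des are still allowed. The sample lines, the profile and certificate names, the yes/no values, and the rule that an option not set to "no" counts as allowed are assumptions of this example.

```python
import re

# Options from the article's list that this example chooses to flag (the choice
# of which ones to flag is the example's assumption, not the article's).
WEAK = ("auth-algo-sha1", "enc-algo-3des")

# Matches any line for a profile; the option/value groups are only filled for
# protocol-settings lines. Profile names containing spaces are not handled.
LINE = re.compile(
    r"^set shared ssl-tls-service-profile (\S+)(?: protocol-settings (\S+) (\S+))?"
)

# Constructed sample of set-format configuration lines (hypothetical names).
SAMPLE = """\
set shared ssl-tls-service-profile gp-portal certificate portal-cert
set shared ssl-tls-service-profile gp-portal protocol-settings enc-algo-3des no
set shared ssl-tls-service-profile gp-portal protocol-settings auth-algo-sha1 no
set shared ssl-tls-service-profile gp-portal protocol-settings auth-algo-sha256 yes
set shared ssl-tls-service-profile gp-gateway protocol-settings enc-algo-3des no
set shared ssl-tls-service-profile legacy-vpn certificate legacy-cert
"""


def audit(config_text, weak=WEAK):
    """Return {profile: [flagged options still allowed]} for every profile seen."""
    settings = {}
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        profile, option, value = m.groups()
        opts = settings.setdefault(profile, {})  # register profile even without options
        if option:
            opts[option] = value.lower()
    # Assumption: an option that is absent or not explicitly "no" is still allowed.
    return {
        profile: [o for o in weak if opts.get(o, "yes") != "no"]
        for profile, opts in settings.items()
    }


if __name__ == "__main__":
    for profile, still_allowed in sorted(audit(SAMPLE).items()):
        status = "OK" if not still_allowed else "still allows " + ", ".join(still_allowed)
        print(f"{profile}: {status}")
```

A profile that appears only with a certificate line, like legacy-vpn in the sample, is reported with both options still allowed, which is the case most easily missed when only some profiles were updated.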
 

