Cloud Management

1. Log in to Strata Cloud Manager.
2. For each desired service, generate or import a certificate.

   1. Select ManageConfigurationNGFW and Prisma AccessObjectsCertificate ManagementCertificates.
   2. In the Custom Certificates pane, Generate or Import a certificate.
   3. Save the certificate.
3. Configure an SSL/TLS service profile.

   1. Select ManageConfigurationNGFW and Prisma AccessObjectsCertificate ManagementCertificates.
   2. In the SSL/TLS Service Profiles pane, click Add Profile.
   3. Enter a Name for the profile.
   4. Select or Import a Certificate.
   5. For Protocol Settings, define the range of TLS versions that the service can use.

      TLSv1.3 support is limited to administrative access to management interfaces and GlobalProtect portals and gateways. You can only attach SSL/TLS service profiles that allow TLSv1.3 to the settings for these services.

      Administrative Access and GlobalProtect Portals and Gateways:

      Set the Min Version and Max Version to TLSv1.3.

      • For the Min Version, select the earliest allowed TLS version: TLSv1.0, TLSv1.1, TLSv1.2, or TLSv1.3.
      • For the Max Version, select the latest allowed TLS version: TLSv1.0, TLSv1.1, TLSv1.2, or TLSv1.3.

      All Other Services:

      Set the Min Version and Max Version to TLSv1.2.

      • For the Min Version, select the earliest allowed TLS version: TLSv1.0, TLSv1.1, or TLSv1.2.
      • For the Max Version, select the latest allowed TLS version: TLSv1.0, TLSv1.1, or TLSv1.2.
4. (Optional) Deselect any Key Exchange Algorithms, Encryption Algorithms, or Authentication Algorithms.
5. Save the profile.
6. Push Config.