PAN-OS & Panorama
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
PAN-OS & Panorama
PAN-OS: Specify a certificate, TLS protocol versions, and ciphers that you want
connections to various Palo Alto Networks services support.
- For each desired service, generate or import a certificate on the firewall (see Obtain Certificates).Use only signed certificates, not CA certificates, in SSL/TLS service profiles.
- Select.DeviceCertificate ManagementSSL/TLS Service Profile
- If the firewall has more than one virtual system (vsys), select theLocation(vsys orShared) where the profile is available.
- ClickAddand enter aNameto identify the profile.
- Select theCertificateyou obtained in step one.
- UnderProtocol Settings, define the range of TLS versions that the service can use.TLSv1.3 support is limited to administrative access to management interfaces and GlobalProtect portals and gateways. You can only attach SSL/TLS service profiles that allow TLSv1.3 to the settings for these services.
- Administrative Access and GlobalProtect Portals and Gateways:Set theMin VersionandMax VersiontoTLSv1.3.
- For theMin Version, select the earliest allowed TLS version:TLSv1.0,TLSv1.1,TLSv1.2, orTLSv1.3.
- For theMax Version, select the latest allowed TLS version:TLSv1.0,TLSv1.1,TLSv1.2, orTLSv1.3.
- All Other Services:Set theMin VersionandMax VersiontoTLSv1.2.
- For theMin Version, select the earliest allowed TLS version:TLSv1.0,TLSv1.1, orTLSv1.2.
- For theMax Version, select the latest allowed TLS version:TLSv1.0,TLSv1.1, orTLSv1.2.
- (Optional) Deselect anyKey Exchange Algorithms,Encryption Algorithms, orAuthentication Algorithms.
- ClickOKandCommityour changes.