https://live.paloaltonetworks.com/t5/general-topics/firewall-he-is-covering-under-some-vulnerability/m-p/49683#M36593 <HTML><HEAD></HEAD><BODY><P>Hi Satish,</P><P></P><P>When you talk about SSL there are two things.</P><P>1. SSL to PANW box</P><P>2. SSL passthrough from PANW box</P><P></P><P>Currently there is no feature to disable/enable supported SSL version. FIPS mode doesnt support weak cipher, however FIPS mode has its own issues. </P><P></P><P>You can not change SSL behavior as long as client/server agrees on ciphers.</P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Mon, 28 Jul 2014 16:43:01 GMT hshah 2014-07-28T16:43:01Z https://live.paloaltonetworks.com/t5/general-topics/firewall-he-is-covering-under-some-vulnerability/m-p/49682#M36592 <HTML><HEAD></HEAD><BODY><P>Hi friends,</P><P></P><P>Need suggestion </P><P><SPAN lang="EN-IN" style="color: #44546a;">Actually when auditor running Vulnerability scaner tool then on Firewall he is covering under some vulnerability</SPAN></P><P></P><P><SPAN lang="EN-IN" style="font-size: 10.0pt; font-family: 'Arial','sans-serif';">&gt; Upgrade to the latest version of OpenSSL</SPAN></P><P><SPAN lang="EN-IN" style="font-size: 10.0pt; font-family: 'Arial','sans-serif';">&gt;&nbsp; Use a strong key</SPAN></P><P><SPAN lang="EN-IN" style="font-size: 10.0pt; font-family: 'Arial','sans-serif';">&gt;&nbsp; Disable SSL support for weak ciphers</SPAN></P><P></P><P><SPAN lang="EN-IN" style="color: #44546a;">So for the current version of Firewall customer has 6.0 version software then is this version is free from vulnerability, can you check and suggest how to come out from above theree points detected by scan tool</SPAN></P></BODY></HTML> Mon, 28 Jul 2014 15:59:48 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-he-is-covering-under-some-vulnerability/m-p/49682#M36592 Satish 2014-07-28T15:59:48Z https://live.paloaltonetworks.com/t5/general-topics/firewall-he-is-covering-under-some-vulnerability/m-p/49683#M36593 <HTML><HEAD></HEAD><BODY><P>Hi Satish,</P><P></P><P>When you talk about SSL there are two things.</P><P>1. SSL to PANW box</P><P>2. SSL passthrough from PANW box</P><P></P><P>Currently there is no feature to disable/enable supported SSL version. FIPS mode doesnt support weak cipher, however FIPS mode has its own issues. </P><P></P><P>You can not change SSL behavior as long as client/server agrees on ciphers.</P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Mon, 28 Jul 2014 16:43:01 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-he-is-covering-under-some-vulnerability/m-p/49683#M36593 hshah 2014-07-28T16:43:01Z https://live.paloaltonetworks.com/t5/general-topics/firewall-he-is-covering-under-some-vulnerability/m-p/49684#M36594 <HTML><HEAD></HEAD><BODY><P>Hi Hardik,</P><P></P><P>My question is that if every this is oky then why scaner are detected <SPAN style="color: #44546a; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">theree points.</SPAN></P><P></P><P>Regards</P><P>Satish</P></BODY></HTML> Mon, 28 Jul 2014 17:13:26 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-he-is-covering-under-some-vulnerability/m-p/49684#M36594 Satish 2014-07-28T17:13:26Z https://live.paloaltonetworks.com/t5/general-topics/firewall-he-is-covering-under-some-vulnerability/m-p/49685#M36595 <HTML><HEAD></HEAD><BODY><P>Hi Satish,</P><P></P><P>It seem scanner has detected SSL related vulnerability, please share vulnerability with us.</P><P></P><P>I can provide more precise information after getting vulnerability.</P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Mon, 28 Jul 2014 17:37:13 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-he-is-covering-under-some-vulnerability/m-p/49685#M36595 hshah 2014-07-28T17:37:13Z