Disable 7.1 Administrative session cipher suites

L2 Linker

Hello,

A recent PEN Test has advised we disable the Arcfour when connecting via SSH to manage the Palo Alto via CLI.

We are on release 7.1.6 (pending upgrade).

https://www.paloaltonetworks.com/documentation/global/compatibility-matrix/supported-cipher-suites/c...

Can you advise please on how we disable these ciphers or if they are removed when upgrading to later code which we are due to do in the near future?

Many thanks

Ryan

L7 Applicator

Re: Disable 7.1 Administrative session cipher suites

Hi @RyanJohnstone

You cannot disable single algorithms in PAN-OS 7.1 ... but starting with PAN-OS 8.0 it will be possible.

configure
set deviceconfig system ssh ciphers mgmt aes128-cbc
set deviceconfig system ssh ciphers mgmt aes192-cbc
set deviceconfig system ssh ciphers mgmt aes256-cbc
set deviceconfig system ssh ciphers mgmt aes128-ctr
set deviceconfig system ssh ciphers mgmt aes192-ctr
set deviceconfig system ssh ciphers mgmt aes256-ctr
set deviceconfig system ssh ciphers mgmt aes128-gcm
set deviceconfig system ssh ciphers mgmt aes256-gcm
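
To confirm what a management interface actually offers before and after such a change, the cipher lists can be read from the server's SSH_MSG_KEXINIT message. The following is an added example, not part of the original thread and not Palo Alto Networks code; the function names, the client banner string and the sample payloads are constructed for illustration.

```python
import socket
import struct

# Name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1)
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload):
    """Parse an SSH_MSG_KEXINIT payload into a dict of algorithm name-lists."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}                          # skip type byte and 16-byte cookie
    for field in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")
        pos += 4
        if pos + n > len(payload):             # also catches a short length field
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        out[field] = raw.split(",") if raw else []
        pos += n
    return out

def arcfour_offered(payload):
    """Return the arcfour variants the server offers in either direction."""
    lists = parse_kexinit(payload)
    offered = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    return sorted(c for c in offered if c.startswith("arcfour"))

def fetch_kexinit(host, port=22, timeout=5.0):
    """Read the server's KEXINIT payload from a management interface you administer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        for line in f:                         # skip any text before the banner
            if line.startswith(b"SSH-"):
                break
        s.sendall(b"SSH-2.0-cipher_check\r\n")  # hypothetical client banner
        length, pad = struct.unpack(">IB", f.read(5))
        if not pad < length <= 35000:
            raise ValueError("implausible packet length")
        return f.read(length - 1)[:length - 1 - pad]

def sample_kexinit(ciphers):
    """Build a constructed KEXINIT payload (sample data, not a device capture)."""
    lists = [["diffie-hellman-group14-sha1"], ["ssh-rsa"], ciphers, ciphers,
             ["hmac-sha1"], ["hmac-sha1"], ["none"], ["none"], [], []]
    blobs = [",".join(names).encode("ascii") for names in lists]
    body = b"".join(struct.pack(">I", len(b)) + b for b in blobs)
    return b"\x14" + bytes(16) + body + bytes(5)   # first_kex_follows + reserved
```

An empty result from `arcfour_offered(fetch_kexinit(host))` means no arcfour variant is being negotiated on that interface; the first KEXINIT is sent in the clear, so no credentials are needed for the check.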

L2 Linker

Re: Disable 7.1 Administrative session cipher suites

Thanks for the response, we are looking to move up to 8.1 so will use the below then.

Many thanks again

Ryan
