Scanned the PA webserver we use for our VPN portal with the Qualys SSL scanner. Got a grade of F. Suggested to disable ....
How can I go about doing this?
According to me, there isn't any option for disabling DH key exchange and 512-bit suites. You can only avoid using them. However, if you have configured an IPSEC VPN, you would have to use one of the DH groups while choosing your IKE proposals.
Also, there is no option to disable SSLv2 and v3, but due to issues related to CVE-2015-0204, our firewall stopped supporting SSLv3 from 6.0.8 and 6.1.2.
Hope this is helpful.
You cannot disable any encryption algorithm on a PANW firewall. You can disable it either on the client or the server.
You can block it via a custom application/signature, but it's not going to help, because the client will keep trying to connect with those algorithms, which will result in failed attempts.