PCI compliance scan failed for GlobalProtect IP address not using minimum version of TLS 1.2
Running PAN-OS 6.1.4 and below, by default the GlobalProtect Agent connects using TLS 1.0.
To resolve this, we have to configure a minimum version of TLS to be used to secure the connection between the GlobalProtect agent and the firewall.
My customer has the same problem. PA is a vPA VM-100 on Software Version 8.1.0 and GlobalProtect Agent 4.1.2.
All setting match per the items above in the article. However, the scan is showing Global Protect Portal IP allows TLS 1.0.
How to disallow TLS version prior to 1.2?
did you set the tls profile to only allow minimum version 1.2 ?
Thank you. Yes, we did. This is resolved now.