Disable 7.1 Administrative session cipher suites


L2 Linker

Hello,

 

A recent PEN Test has advised we disable the Arcfour when connecting via SSH to manage the Palo Alto via CLI.

 

We are on release 7.1.6 (pending upgrade).

 

https://www.paloaltonetworks.com/documentation/global/compatibility-matrix/supported-cipher-suites/c...

 

Can you advise please on how we disable these ciphers or if they are removed when upgrading to later code which we are due to do in near future.

 

Many thanks

 

Ryan

Accepted Solutions

L7 Applicator

Hi @RyanJohnstone

 

You cannot disable single algorithms in PAN-OS 7.1 ... but starting with PAN-OS 8.0 it will be possible.

configure
set deviceconfig system ssh ciphers mgmt aes128-cbc
set deviceconfig system ssh ciphers mgmt aes192-cbc
set deviceconfig system ssh ciphers mgmt aes256-cbc
set deviceconfig system ssh ciphers mgmt aes128-ctr
set deviceconfig system ssh ciphers mgmt aes192-ctr
set deviceconfig system ssh ciphers mgmt aes256-ctr
set deviceconfig system ssh ciphers mgmt aes128-gcm
set deviceconfig system ssh ciphers mgmt aes256-gcm
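
One way to confirm from the outside that the management SSH service no longer offers Arcfour after the upgrade and cipher change, as an added example that is not part of the original thread or any Palo Alto Networks code: it parses the cleartext SSH_MSG_KEXINIT message an SSH server sends (RFC 4253) and reports any Arcfour (RC4) ciphers in the proposal. The function names, the client banner string and the sample packet are constructed for illustration.

```python
import socket
import struct
import sys

# Name-list order inside SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_kexinit(payload):
    """Split a KEXINIT payload into its ten algorithm name-lists."""
    if len(payload) < 17 or payload[0] != 20:  # 20 = SSH_MSG_KEXINIT
        raise ValueError("not a KEXINIT payload")
    pos, out = 17, {}  # skip the type byte and the 16-byte cookie
    for name in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")  # uint32 list length
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        pos += n
    return out

def weak_ciphers(proposal):
    """Return offered RC4 ciphers: arcfour, arcfour128, arcfour256."""
    offered = proposal["enc_c2s"] + proposal["enc_s2c"]
    return sorted({c for c in offered if c.startswith("arcfour")})

def build_sample(ciphers):
    """Constructed KEXINIT for offline testing, not captured from a device."""
    lists = [["diffie-hellman-group14-sha1"], ["ssh-rsa"], ciphers, ciphers,
             ["hmac-sha1"], ["hmac-sha1"], ["none"], ["none"], [], []]
    body = b"".join(struct.pack(">I", len(b)) + b
                    for b in (",".join(l).encode() for l in lists))
    return bytes([20]) + bytes(16) + body + b"\x00" + bytes(4)

def fetch_kexinit(host, port=22, timeout=5.0):
    """Read the server's cleartext KEXINIT from the management SSH port."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        line = f.readline()
        while line and not line.startswith(b"SSH-"):  # skip pre-banner text
            line = f.readline()
        s.sendall(b"SSH-2.0-cipheraudit\r\n")
        length, pad = struct.unpack(">IB", f.read(5))
        return f.read(length - 1)[:length - 1 - pad]

if __name__ == "__main__":  # optional argument: firewall management address
    data = fetch_kexinit(sys.argv[1]) if sys.argv[1:] else build_sample(["arcfour"])
    print("Arcfour ciphers offered:", weak_ciphers(parse_kexinit(data)) or "none")
```

On the wire the GCM ciphers appear under their OpenSSH names (for example `aes128-gcm@openssh.com`), so the names in the proposal will not match the CLI keywords character for character.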


2 REPLIES


Thanks for response, we are looking to move up to 8.1 so will use below then.

 

Many thanks again

 

Ryan
