diffternt TLS protocolsbetween client and server supported in pan ??

Showing results for 
Search instead for 
Did you mean: 

diffternt TLS protocolsbetween client and server supported in pan ??

L0 Member

we have a legacy client which supported only TLS(1.1) & need to connect to server in cloud which works on TLS1.2 only .. So If we do a SSL Decryption in pan firewall does pan will allow tls1.1 between client and pan firewall and tls 1.2 between pan firewall and cloud server ??




Cyber Elite
Cyber Elite



Seems PA has decryption profile under Objects.

It has option to allow 

Min Protocol Version and Maximum Protocol Version

There you can specify TLS1.1as Minimum and TLS1.2 as Maximum


Then it will allow all the connection between TLS1.1 and TLS1.2.

However if server only supports 1.2 then SSL decryption will not work as Client only supports TLS1.1

You either need to make change at client or server side 





Cyber Elite
Cyber Elite



I don't think if any firewall can change SSL/TLS version of in/out traffic. It can decrypt traffic (if it is enabled) and see what is happening but can't change the versions at client and/or server side. Agreed with @MP18 Need to make changes at either client or server side to make it work.


Hope it helps!


Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!