we have a legacy client which supported only TLS(1.1) & need to connect to server in cloud which works on TLS1.2 only .. So If we do a SSL Decryption in pan firewall does pan will allow tls1.1 between client and pan firewall and tls 1.2 between pan firewall and cloud server ??
Seems PA has decryption profile under Objects.
It has option to allow
Min Protocol Version and Maximum Protocol Version
There you can specify TLS1.1as Minimum and TLS1.2 as Maximum
Then it will allow all the connection between TLS1.1 and TLS1.2.
However if server only supports 1.2 then SSL decryption will not work as Client only supports TLS1.1
You either need to make change at client or server side
I don't think if any firewall can change SSL/TLS version of in/out traffic. It can decrypt traffic (if it is enabled) and see what is happening but can't change the versions at client and/or server side. Agreed with @MP18 Need to make changes at either client or server side to make it work.
Hope it helps!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!