diffternt TLS protocolsbetween client and server supported in pan ??

Reply
Highlighted
L0 Member

diffternt TLS protocolsbetween client and server supported in pan ??

we have a legacy client which supported only TLS(1.1) & need to connect to server in cloud which works on TLS1.2 only .. So If we do a SSL Decryption in pan firewall does pan will allow tls1.1 between client and pan firewall and tls 1.2 between pan firewall and cloud server ??

 

Dinesh

Tags (1)
Highlighted
Cyber Elite

@DineshPal 

 

Seems PA has decryption profile under Objects.

It has option to allow 

Min Protocol Version and Maximum Protocol Version

There you can specify TLS1.1as Minimum and TLS1.2 as Maximum

 

Then it will allow all the connection between TLS1.1 and TLS1.2.

However if server only supports 1.2 then SSL decryption will not work as Client only supports TLS1.1

You either need to make change at client or server side 

 

Regards

 

MP
Highlighted
L6 Presenter

@DineshPal,

 

I don't think if any firewall can change SSL/TLS version of in/out traffic. It can decrypt traffic (if it is enabled) and see what is happening but can't change the versions at client and/or server side. Agreed with @MP18 Need to make changes at either client or server side to make it work.

 

Hope it helps!

Mayur



Mayur
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!