This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Extract data of all ciphers and protocols that enabled or disabled in palo alto firewalls

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Extract data of all ciphers and protocols that enabled or disabled in palo alto firewalls

Go to solution
pradeepbabar4
L1 Bithead

‎06-03-2021 06:56 AM

how can i Extract data of all ciphers and protocols that enabled or disabled in palo alto firewalls.

 

And How can i Ensure all weak ciphers and protocols are disabled before exposing an application to the Internet in palo alto firewalls.

 

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
BPry
Cyber Elite
Cyber Elite

‎06-03-2021 08:37 AM

@pradeepbabar4,

@pradeepbabar4 wrote:

how can i Extract data of all ciphers and protocols that enabled or disabled in palo alto firewalls.

 

From what aspect? Are we talking about the what ciphers and protocols are enabled on the GUI, or what's being used on your inbound decryption profiles? 

 

@pradeepbabar4 wrote:

And How can i Ensure all weak ciphers and protocols are disabled before exposing an application to the Internet in palo alto firewalls.

From an application standpoint this needs to be verified by the application owner, or otherwise directly on the resource you are planning to expose. If you are performing inbound decryption you can somewhat control what ciphers are being utilized, but they need to line up with what the application is actually offering to prevent issues.

You can view what is being offered by running a packet capture, but I would simply ask the application owner for what they are supporting on their end.

View solution in original post

0 Likes Likes
(1)
4 REPLIES 4

Go to solution
BPry
Cyber Elite
Cyber Elite

‎06-03-2021 08:37 AM

@pradeepbabar4,

@pradeepbabar4 wrote:

how can i Extract data of all ciphers and protocols that enabled or disabled in palo alto firewalls.

 

From what aspect? Are we talking about the what ciphers and protocols are enabled on the GUI, or what's being used on your inbound decryption profiles? 

 

@pradeepbabar4 wrote:

And How can i Ensure all weak ciphers and protocols are disabled before exposing an application to the Internet in palo alto firewalls.

From an application standpoint this needs to be verified by the application owner, or otherwise directly on the resource you are planning to expose. If you are performing inbound decryption you can somewhat control what ciphers are being utilized, but they need to line up with what the application is actually offering to prevent issues.

You can view what is being offered by running a packet capture, but I would simply ask the application owner for what they are supporting on their end.

0 Likes Likes
(1)

Go to solution
pradeepbabar4
L1 Bithead
In response to BPry

‎06-06-2021 06:45 PM

Thank you for valuable response, it is helpful.

Actually from management team they want to know which are the protocols & cipher are there which are negotiating  before exposing an application to the Internet from your comments i got an idea that whichever applications are there from our internal webserver are responsible for negotiating the protocol/cipher suites.

And the services like Global Protect, IPsec which are provided by firewall are responsible for  negotiating the protocol/cipher suites.

My understanding is correct right?

0 Likes Likes

Go to solution
pradeepbabar4
L1 Bithead
In response to OtakarKlier

‎06-06-2021 06:55 PM

Thank you for you valuable response & sharing informative links.

I am not able to understand the matrix supported cipher suites, in website they have two column named as FEATURE OR FUNCTION and CIPHERS SUPPORTED IN PAN-OS 8.1 RELEASES what does it means.

 

Does it means that this are the cipher suite list which are available and we have to select one of the cipher suite for negotiation from available list ?

Also i want to know any SSL/TLS service profile we configured & if we configured minimum version as an TLSV1.1 or TLSV1.2 then what will be default cipher suite for negotiation, since there is no any option in GUI to select cipher suite which we want to be negotiatie.  

0 Likes Likes
  • 1 accepted solution
  • 2919 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks