03-27-2015 08:49 AM
Scanned the PA web server we use for our VPN portal with the Qualys SSL scanner. Got a grade of F. Suggested to disable ....
How can I go about doing this?
03-27-2015 09:16 AM
Hi Choff,
According to me, there isn't any option for disabling DH key exchange and 512-bit suites. You can only avoid using them. However, if you have configured an IPsec VPN, you would have to use one of the DH groups while choosing your IKE proposals.
Also, there is no option to disable SSLv2 and SSLv3, but due to issues related to CVE-2015-0204, our firewall stopped supporting SSLv3 from 6.0.8 and 6.1.2.
Hope this is helpful.
Regards,
Ramya
03-27-2015 10:28 AM
Hi Choffr,
You cannot disable any encryption algorithm on a PANW firewall. You can either disable it on the client or the server.
You can block it via a custom application/signature, but it's not going to help, because the client will keep trying to connect with those algorithms, which will result in failed attempts.
Regards,
Hardik Shah
03-27-2015 10:33 AM
Hi Choffr,
I agree with Hardik.
Thanks
Satish