08-28-2020 02:30 PM
We're on 9.0.9 and want to turn on the feature allowing users to connect to GlobalProtect using SSL if there is a need.
Is there anywhere in the Monitor tab you can look to find what encryption is used for a particular users connection?
I read this where it says, "The gateway responds to the request and selects the encryption and authentication algorithm to use based on the configuration of the GlobalProtect IPSec Crypto Profile (Get-Config-Response)." In our GlobalProtect IPSec Crypto Profile we have two options entered: aes-128-gcm and aes-256-gcm, so that doesn't clearly tell me which one will be used and it sounds like it could be either. The TLS version being used is 1.2, if that influences the selection...
10-26-2020 04:25 AM
If you keep the default PANW GP settings, you will be using TLS1.0.
As of March 2020, browser support (Chrome, Firefox, IE products) have removed support for TLS 1.1 and TLS 1.0
You should ONLY be allowing TLS 1.2.
TLS and SSL are the same, so your users are using SSL, but technically, the protocol is TLS.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
