Hi @Moritz ,
Supported cipher suites will vary depending on your PAN-OS version. What's your current version and how is your decryption profile configured ?
As an example, some earlier PAN-OS versions only supported DHE or ECDHE for SSL Forward Proxy (it wasn't not supported for Inbound Inspection).
You might want to do some more debugging and check on which cipher suite client/server agree upon in the SSL handshake and compare that to the compatibility matrix to see if it's actually supported:
https://docs.paloaltonetworks.com/compatibility-matrix/supported-cipher-suites.html
Hope it helps
-Kiwi.
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and
“Accept as Solution” if a post helps solve your problem !
Read more about
how and why to accept solutions.