05-22-2023 05:38 AM
I assume you refer to GlobalProtect ciphers.
To get A- score in SSLLabs test run following 4 commands (adjust template and profile name to match your environment)
If config is managed inside firewall
set shared ssl-tls-service-profile GlobalProtect protocol-settings auth-algo-sha1 no
set shared ssl-tls-service-profile GlobalProtect protocol-settings enc-algo-3des no
set shared ssl-tls-service-profile GlobalProtect protocol-settings enc-algo-rc4 no
set shared ssl-tls-service-profile GlobalProtect protocol-settings keyxchg-algo-rsa no
If config is pushed from Panorama
set template Template-name config shared ssl-tls-service-profile GlobalProtect protocol-settings auth-algo-sha1 no
set template Template-name config shared ssl-tls-service-profile GlobalProtect protocol-settings enc-algo-3des no
set template Template-name config shared ssl-tls-service-profile GlobalProtect protocol-settings enc-algo-rc4 no
set template Template-name config shared ssl-tls-service-profile GlobalProtect protocol-settings keyxchg-algo-rsa no
