This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our
Privacy Policy
Accept
Reject
Register
·
Sign In
·
FAQs
(English) USA
(English) USA
(简体中文) China
(日本語) Japan
Get Started
Welcome Guide
LIVEcommunity Support Info
FAQ
News & Events
Events
Ignite Conference
Ask Me Anything (AMA) Events
Interactive Events
Social Feed
News
Discussions
Network Security
Next-Generation Firewall Discussions
VM-Series in the Public Cloud
VM-Series in the Private Cloud
CN-Series Discussions
AIOps for NGFW Discussions
Panorama Discussions
GlobalProtect Discussions
Cloud NGFW Discussions
Cloud Delivered Security Services
Threat & Vulnerability Discussions
Endpoint (Traps) Discussions
Enterprise Data Loss Prevention Discussions
Next-Generation CASB Discussions
IoT Security Discussions
Secure Access Service Edge
Prisma Access Discussions
Prisma Access Insights Discussions
Prisma Access for MSPs and Distributed Enterprises Discussions
Prisma Access Cloud Management Discussions
Prisma SD-WAN Discussions
Prisma SD-WAN CloudBlades Discussions
Prisma SD-WAN AIOps Discussions
Autonomous DEM Discussions
Cloud Native Application Protection
Prisma Cloud Discussions
Cloud Identity Engine Discussions
Security Operations
Cortex XDR Discussions
Cortex XSOAR Discussions
Cortex Xpanse Discussions
General Topics
Best Practice Assessment Discussions
Configuration Wizard Discussions
Custom Signatures
VirusTotal
Articles
General Articles
PSIRT Articles
Products
Network Security
GlobalProtect
Next-Generation Firewall
Cloud NGFW Help Center
AIOps for NGFW
Getting Started With VM-series
Private Cloud
Oracle Cloud Infrastructure
Alibaba Cloud
AWS
GCP
Azure
CN-Series
Panorama
Threat Prevention Services
Endpoint Protection
SSL Decryption
App-ID
Content-ID
User-ID
5G
Cloud Delivered Security Services
Next-Generation CASB
IoT Security
Enterprise Data Loss Prevention
Secure Access Service Edge
Prisma Access
Prisma Access Insights
Autonomous Digital Experience Management
Prisma Access Cloud Management
Prisma Access for MSPs and Distributed Enterprises
Prisma SD-WAN
Prisma SD-WAN CloudBlades
Prisma SD-WAN AIOps
Cloud Native Application Protection
Prisma Cloud
Cloud Identity Engine
Security Operations
Cortex XDR
Cortex XSOAR
Cortex Data Lake
Cortex Xpanse
Hub
Tools
Integration Resources
App for QRadar
Automation / API
Ansible
Palo Alto Networks Device Framework
Terraform
Cloud Integration
Expedition
HTTP Log Forwarding
Maltego for AutoFocus
Best Practice Assessment
Configuration Wizard
Quickplay Solutions
Education Services
Certification
Instructor-Led Training
Digital Learning
Education Services Help Center
Education Services Upcoming Events
Education Services Articles
Podcasts
PANCast
Member Recognition
Spotlight News
Member Spotlights
Member Testimonials
Cyber Elite Program
Customer
Partner
Employee
About JeremyD
All community
Articles
JeremyD
Users
Products
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Show
only
|
Search instead for
Did you mean:
LIVEcommunity
About JeremyD
08-03-2020
JeremyD
since
08-03-2020
L0 Member
1
Post
0
Likes
0
Solutions
Aug 03, 2020
Last Visited
User Activity
User Profile
Latest posts by JeremyD
Subject
Views
Posted
Global Protect Portal and weak cipher sets
GlobalProtect Discussions
3514
08-03-2020
12:50 AM
View All
User Badges
View All
Community Statistics
Member Since
08-03-2020
12:43 AM
Date Last Visited
08-03-2020
04:12 AM
Posts
1
Latest Contributions by JeremyD
Topics JeremyD has Participated In
Latest Contributions by JeremyD
Global Protect Portal and weak cipher sets
by
JeremyD
in
GlobalProtect Discussions
08-03-2020
12:50 AM
08-03-2020
12:50 AM
Has anyone had success getting past a B on ssllabs for the globalprotect web portal. i have created the below ssl profile and bound it to the global protect portal. even though enc-algo-aes-128-cbc and enc-algo-aes-128-gcm are set to know, they still appear in the test show shared ssl-tls-service-profile TestSSL TestSSL { protocol-settings { min-version tls1-2; max-version tls1-2; auth-algo-sha1 no; auth-algo-sha256 no; auth-algo-sha384 yes; enc-algo-3des no; enc-algo-aes-128-cbc no; enc-algo-aes-128-gcm no; enc-algo-aes-256-cbc yes; enc-algo-aes-256-gcm yes; enc-algo-rc4 no; keyxchg-algo-dhe yes; keyxchg-algo-ecdhe yes; keyxchg-algo-rsa no; } certificate "Wildcard 2020"; } SSL Labs Report # TLS 1.2 (suites in server-preferred order) TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK256TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK128TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK256TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK128TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK128TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK256TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK128 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK256TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK128 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
... View more
Contact Me
Online Status
Offline
Date Last Visited
08-03-2020
04:12 AM
Latest Tags
No tags yet