Enforce FPX to use specific TLS 1.2 version when connecting to Origin server

Forum|Forum|1 year ago
November 20, 2024
1 reply
663 views

We are encountering an issue with FPX where the Palo Alto firewall attempts to retrieve updates via FPX, but the connection is randomly refused.

Upon analyzing the packet capture from FPX during the issue, we observed that FPX uses TLS 1.0 to communicate with the Palo Alto update server, causing the connection to fail. However, when FPX uses TLS 1.2, the connection is successful.

Is there any option to enforce FPX to use TLS 1.2 for communication with the Palo Alto update server in a specific policy or profile?

jgillies01

Staff

Hi,

Please note that this request will be sent to Fortinet Global Community platform to draw more visibility.

If this has already been solved, can you please mark it as "Solved"

Please contact your local EPSP PM for any concern

Thank you

Joanne

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded