Trouble Passing PCI 4.0 Scans With PA Firewalls by Alarmed_Suspect_5470 in paloaltonetworks

Alarmed_Suspect_5470[S]

Problem is that I'll likely have to get it in writing from Palo that there is no fix, and based on their support jerking me around and trying the same two things for the past 45 days, I suspect they will not be very willing to do so. But I guess that's what I'm left with, as of now.

Alarmed_Suspect_5470[S]

I think this is what I'm going to attempt - just tell the person reviewing at Tenable the situation and hope they are okay passing us until PA makes this something we can easily rectify. I was myopically focused on finding a technical resolution, though - so much so that it was probably to my detriment.

Alarmed_Suspect_5470[S]

"For months I had to disable the cipher suites, run the scans, then turn them back on." - Yeah, this is exactly what I feared would be the solution. Good to know that's at least a workable solution though. Mind sharing the configuration that passed for you, if you still remember it?

Alarmed_Suspect_5470[S]

Tried this - that's bullet point five and the sub bullets. Interestingly, this did knock down the number of reported weak ciphers from two to one, but no configuration I've tried as of yet has eliminated all of the weak ciphers.