At the end of January 2019 Google plans to implement strict TLS 1.3 compliance in their upcoming Google Chrome 72 release, this will affect all Palo Alto firewalls using SSL decryption.
The TLS 1.3 supported versions of each of the major PAN-OS code-bases are as follows:
Without upgrading to one of the above maintenance releases, users may no longer be able access Gmail, YouTube, and other websites or applications that utilize TLS 1.3 when SSL forward proxy decryption is in use, and instead they will receive the following web browser error: ‘ERR_TLS13_DOWNGRADE_DETECTED’.
If you are using SSL decryption, Teneo recommends you plan to upgrade your firewalls to supported versions by January 29th 2019. For any questions or for further help, please contact Teneo Support https://www.teneo.net/uk/support/