Customers have root access and can therefore harden the appliance.

Below are a few examples of what you can adjust and how.


TCP ICMP Timestamps

vim /etc/sysctl.d/60-tcp-timestamp.conf
ADD line >>    net.ipv4.tcp_timestamps=0
Reboot appliance


SSH config - Disable certain ciphers

vim /etc/ssh/sshd_config
Adjust these lines (or add them if they do not exist):
    MACs hmac-sha2-512,hmac-sha2-256
    Ciphers aes256-ctr,aes192-ctr,aes128-ctr
systemctl restart sshd


SSL - Disable certain ciphers

vim /opt/panagenda/appdata/volumes/nginx/pan_gl
Remove old ciphers from ssl_ciphers, for example:
    ssl_ciphers 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA....'
docker restart gl_nginx
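
To check the sysctl and sshd edits before restarting anything, the following added example (not vendor code) audits the two files offline against the values listed above. The function names and the demo file are hypothetical; the check only handles the whitespace-separated "Keyword value" form.

```shell
#!/bin/sh
# Added example (not vendor code): offline audit of the files edited above.
# Allowed lists are the values given on this page.
ALLOWED_MACS="hmac-sha2-512,hmac-sha2-256"
ALLOWED_CIPHERS="aes256-ctr,aes192-ctr,aes128-ctr"

# Print the value of the first uncommented KEYWORD line; sshd uses the first
# value it finds for a keyword. Include files are not followed here.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v kw="$2" '/^[ \t]*#/ { next }
        tolower($1) == tolower(kw) { print $2; exit }' "$1"
}

# Print each algorithm in VALUE that is missing from the comma-separated ALLOWED.
disallowed() {  # usage: disallowed VALUE ALLOWED
    printf '%s\n' "$1" | tr ',' '\n' | while read -r alg; do
        case ",$2," in
            *",$alg,"*) ;;
            *) echo "$alg" ;;
        esac
    done
}

# Return 0 only if KEYWORD is set explicitly and lists nothing outside ALLOWED.
check_sshd() {  # usage: check_sshd FILE KEYWORD ALLOWED
    value=$(sshd_value "$1" "$2")
    [ -n "$value" ] || { echo "$2: not set, sshd defaults apply"; return 1; }
    extra=$(disallowed "$value" "$3" | tr '\n' ' ')
    [ -z "$extra" ] || { echo "$2: not in allowed list: $extra"; return 1; }
    echo "$2: ok"
}

# Return 0 if a sysctl drop-in sets net.ipv4.tcp_timestamps to 0.
check_tcp_timestamps() {  # usage: check_tcp_timestamps FILE
    grep -Eq '^[[:space:]]*net\.ipv4\.tcp_timestamps[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$1"
}

# Demo on a constructed sshd_config: one cipher outside the allowed list.
demo=$(mktemp)
printf '%s\n' '#Ciphers 3des-cbc' 'MACs hmac-sha2-512,hmac-sha2-256' \
    'Ciphers aes256-ctr,aes128-cbc' > "$demo"
check_sshd "$demo" MACs "$ALLOWED_MACS" || true
check_sshd "$demo" Ciphers "$ALLOWED_CIPHERS" || true
rm -f "$demo"
```

On the running appliance, `sshd -T` prints the effective configuration, including any included files this offline check does not follow.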