https://community.checkpoint.com/t5/Firewall-and-Security-Management/issue-with-IKE-weak-negotiations-on-R80-20/m-p/62411#M12435 Specifically, which ciphers do they claim is being offered? Tue, 10 Sep 2019 23:03:43 GMT PhoneBoy 2019-09-10T23:03:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/issue-with-IKE-weak-negotiations-on-R80-20/m-p/62387#M12434 <P>Hi All</P><P>Can anyone shed any light for us, we have regular pen tests from our partner, we have a firewall that they say is responding to weak IKE transformations.</P><P>We have IKEv2 enabled on this said firewall using AES256 and SHA256 but they still say its weak.</P><P>Other firewalls are configured the same but don't have any issues.</P><P>Any ideas?</P><P>&nbsp;</P> Tue, 10 Sep 2019 14:52:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/issue-with-IKE-weak-negotiations-on-R80-20/m-p/62387#M12434 carl_t 2019-09-10T14:52:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/issue-with-IKE-weak-negotiations-on-R80-20/m-p/62411#M12435 Specifically, which ciphers do they claim is being offered? Tue, 10 Sep 2019 23:03:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/issue-with-IKE-weak-negotiations-on-R80-20/m-p/62411#M12435 PhoneBoy 2019-09-10T23:03:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/issue-with-IKE-weak-negotiations-on-R80-20/m-p/62808#M12436 <P>The go-to SK for audit scan results is this one: <A class="cp_link sc_ellipsis" style="max-width: 840px;" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk100647&amp;partition=General&amp;product=All%22" target="_blank" rel="noopener">sk100647: Check Point response to common false positives scanning results</A></P> <P>Could this be what they are referring to specifically for IKE, which doesn't apply to Check Point firewalls anyway: <A class="cp_link sc_ellipsis" style="max-width: 840px;" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk134572&amp;partition=General&amp;product=IPSec" target="_blank" rel="noopener">sk134572: Check Point response to Bleichenbacher oracle cryptographic attack (IKEv1/IKEv2)</A>&nbsp;</P> <P>&nbsp;</P> Sun, 15 Sep 2019 19:07:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/issue-with-IKE-weak-negotiations-on-R80-20/m-p/62808#M12436 Timothy_Hall 2019-09-15T19:07:57Z