topic Re: Disable CBC mode cipher and enable GCM cipher mode for https inspection in Firewall and Security Management

Disable CBC mode cipher and enable GCM cipher mode for https inspection

TG_Mai — Wed, 18 Sep 2019 19:06:54 GMT

hello

we have R80.10 with https inspection on, does anyone know how to disable the CBC mode cipher for TLS_ECDHE_RSA * in the https inspection?

There an SK show how to allow specific cipher suites only for VPN in R80.10

any help would be great, thank you.

PhoneBoy — Thu, 24 Oct 2019 18:31:34 GMT

See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk126613
Note that if you're using HTTPS Inspection, it's a good idea to upgrade to R80.30 as it supports additional ciphers, has a better utility to configure what it supported/allowed, and improved SNI support.

Suresh_Kumar — Wed, 26 Aug 2020 14:09:06 GMT

We have already on R80.30 and we are facing the same issue that the all CBC Cipher are showing enable for all the application.

Is there any way to restrict ciphers for specific natted IP?

Zatimus — Wed, 06 Oct 2021 07:37:44 GMT

Hi Suresh,

Hope you are doing well. Want to ask, you manage to have your questions answered? if you do could you share with me the steps.

Thank you

G_W_Albrecht — Wed, 06 Oct 2021 08:06:18 GMT

tavi0906 — Wed, 30 Aug 2023 06:11:01 GMT

is there any way to block the CBC ciphers on a NAT ip

G_W_Albrecht — Wed, 30 Aug 2023 07:27:27 GMT

Please explain - what is a NAT IP for you? Usually, allowed ciphers can be set for SSH, SSL VPN and Multiportal.