Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server supports Transport Layer Security

SerDiHer0411 — Thu, 13 Apr 2023 21:35:23 GMT

Greetings Mates!!

We recently had a vulnerability scan in a firewall cluster (two Check Point 6200, OS Gaia R81 Build 392)

The result of this vulnerability scan shows the following:

- Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server Supports Transport Layer Security (TLSv1.1)

- Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server Supports Transport Layer Security (TLSv1.0)

I tried checking previous solutions for this, but they show disabling or selecting TLSv1.2 from the SmartConsole->Global Properties section. The thing is, we have several other firewalls and firewall clusters in the SmartConsole, so making this change would affect not only the firewalls that were scanned, but the other firewalls managed in the console.

Is there a way we can disable TLSv1.0 and TLSv1.1, and enabling TLSv1.2 in just the firewalls we need?

Re: Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server supports Transport Layer Security

PhoneBoy — Fri, 14 Apr 2023 00:50:47 GMT

Unfortunately, all Global Properties settings applies to all gateways managed in that same domain.
Did you try making changes in cipher_util first? https://support.checkpoint.com/results/sk/sk126613
These are local to the gateway.

topic Re: Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server supports Transport Layer Security in Firewall and Security Management

Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server supports Transport Layer Security

Re: Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server supports Transport Layer Security