https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cloning-Group-Nessus-and-SSLv3/m-p/239944#M46540 <P>Hi Check Mates,</P><P>&nbsp;</P><P>I have been looking through a Nessus Scan of a gateway cluster today, I had allowed all ports for the scanner to the gateways and turned off IPS for it.</P><P>The gateway version is R81.20 Jumbo hotfix 92</P><P>Nessus is complaining about the existence of SSLv3 and some weak ciphers. We disabled SSLv3 years ago and get an A+ from the Qualys SSL scanner online.</P><P>Then I noticed that it is Port TCP/1129 that is accepting SSLv3 (and 2) see the screenshot. This is of course the cloning group port.</P><P>I have searched the KB and these pages and cannot find any mention of this, has anyone else seen this and do we know how to get the cloning group comms onto TLS1.2?</P><DIV class="">&nbsp;</DIV><DIV class="">&nbsp;</DIV><P>&nbsp;</P><P>Thanks,</P><P>John</P> Wed, 29 Jan 2025 10:46:44 GMT John_Fenoughty 2025-01-29T10:46:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cloning-Group-Nessus-and-SSLv3/m-p/239944#M46540 <P>Hi Check Mates,</P><P>&nbsp;</P><P>I have been looking through a Nessus Scan of a gateway cluster today, I had allowed all ports for the scanner to the gateways and turned off IPS for it.</P><P>The gateway version is R81.20 Jumbo hotfix 92</P><P>Nessus is complaining about the existence of SSLv3 and some weak ciphers. We disabled SSLv3 years ago and get an A+ from the Qualys SSL scanner online.</P><P>Then I noticed that it is Port TCP/1129 that is accepting SSLv3 (and 2) see the screenshot. This is of course the cloning group port.</P><P>I have searched the KB and these pages and cannot find any mention of this, has anyone else seen this and do we know how to get the cloning group comms onto TLS1.2?</P><DIV class="">&nbsp;</DIV><DIV class="">&nbsp;</DIV><P>&nbsp;</P><P>Thanks,</P><P>John</P> Wed, 29 Jan 2025 10:46:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cloning-Group-Nessus-and-SSLv3/m-p/239944#M46540 John_Fenoughty 2025-01-29T10:46:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cloning-Group-Nessus-and-SSLv3/m-p/239948#M46541 <P><A href="https://support.checkpoint.com/results/sk/sk182091" target="_blank">https://support.checkpoint.com/results/sk/sk182091</A></P> <TABLE id="filter1Table" class="TableStyle-TP_Table_Jumbo_Fixes" cellspacing="0"> <TBODY> <TR class="TableStyle-TP_Table_Jumbo_Fixes-Body-Grey_Background"> <TD class="TableStyle-TP_Table_Jumbo_Fixes-BodyE-Column_Style_ID-Grey_Background"> <P>PRJ-43614,<BR />PRHF-26959</P> </TD> <TD class="TableStyle-TP_Table_Jumbo_Fixes-BodyE-Column_Style_Product-Grey_Background"> <P>Gaia OS</P> </TD> <TD class="TableStyle-TP_Table_Jumbo_Fixes-BodyD-Column_Style_Description-Grey_Background"> <P><STRONG>UPDATE</STRONG>: Gaia Cloning Groups will now use the highest TLS version available.</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>Strange should already be fixed. Best way is to make Wireshark capture and use the SK above to see if it is really SSLV3 or maybe false positive. If not open a TAC case with the capture.</P> Wed, 29 Jan 2025 11:16:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cloning-Group-Nessus-and-SSLv3/m-p/239948#M46541 Lesley 2025-01-29T11:16:52Z