Enabling TLS 1.3 for All Gateway Interfaces

bhill3 — Wed, 28 Feb 2024 14:43:16 GMT

We are trying to ensure that TLS 1.3 is enabled on our Checkpoint Gateways and have successfully configured the primary interface of the Gateways to have TLS 1.3 enabled (as well as disable TLS 1.0 & TLS 1.1) by using the following clish commands:

show ssl tls enabled
set ssl tls TLSv1.0 off  # repeat as needed with other TLS versions
set ssl tls TLSv1.3 on
save config

This seems to have only applied to the primary interface of the Gateway. Is there a way that we can also ensure that TLS 1.3 is enabled for the secondary interface of the Gateway? Specifically we're looking to enable TLS 1.3 for port 443.

Thanks!

Re: Enabling TLS 1.3 for All Gateway Interfaces

Lesley — Wed, 28 Feb 2024 21:31:53 GMT

https://support.checkpoint.com/results/sk/sk178505

Re: Enabling TLS 1.3 for All Gateway Interfaces

the_rock — Thu, 29 Feb 2024 01:05:43 GMT

From expert mode -> cipher_util, option 2, then 2 again, follow the prompts.

Best,

Andy

topic Re: Enabling TLS 1.3 for All Gateway Interfaces in General Topics

Enabling TLS 1.3 for All Gateway Interfaces

Re: Enabling TLS 1.3 for All Gateway Interfaces

Re: Enabling TLS 1.3 for All Gateway Interfaces