https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-AES-encryption-Algorithm-for-SNX-user/m-p/183693#M4819 <P>You may want to make 100% certain 3DES is disabled globally per:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk113114" target="_blank">https://support.checkpoint.com/results/sk/sk113114</A><BR />Otherwise, I suggest a TAC case to assist: <A href="https://help.checkpoint.com" target="_blank">https://help.checkpoint.com</A>&nbsp;</P> Fri, 09 Jun 2023 16:03:30 GMT PhoneBoy 2023-06-09T16:03:30Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-AES-encryption-Algorithm-for-SNX-user/m-p/183621#M4816 <P><SPAN>Hi, Expert.</SPAN></P><P><SPAN>I would like to force AES for SNX user?</SPAN></P><P><SPAN>&nbsp;</SPAN><SPAN>I’ve tried many ways, but user is keep using 3DES only. Can we force AES?</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JaeYoung_An_0-1686213903859.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/21340iCB9A44AA6CB05EC3/image-size/medium?v=v2&amp;px=400" role="button" title="JaeYoung_An_0-1686213903859.png" alt="JaeYoung_An_0-1686213903859.png" /></span></P><P>&nbsp;</P><P><SPAN>&nbsp;</SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JaeYoung_An_1-1686213903865.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/21341i3BDD1C4370A23F01/image-size/medium?v=v2&amp;px=400" role="button" title="JaeYoung_An_1-1686213903865.png" alt="JaeYoung_An_1-1686213903865.png" /></span></P><P>&nbsp;</P><P><SPAN>I’ve also followed <A href="https://support.checkpoint.com/results/sk/sk113114" target="_blank" rel="noopener">https://support.checkpoint.com/results/sk/sk113114</A> to disable 3DES, but always 3DES is used.</SPAN></P><P><SPAN>This is same even in latest version. </SPAN></P><P><SPAN>Can anyone Advise how to use AES or confirm we can’t use AES?</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JaeYoung_An_2-1686213903866.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/21339i768B15616E5142C9/image-size/medium?v=v2&amp;px=400" role="button" title="JaeYoung_An_2-1686213903866.png" alt="JaeYoung_An_2-1686213903866.png" /></span></P><DIV class="">&nbsp;</DIV><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2023-06-08_14-57-21.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/21342i68F04FF6A82C23FB/image-size/large?v=v2&amp;px=999" role="button" title="2023-06-08_14-57-21.png" alt="2023-06-08_14-57-21.png" /></span></P><P>&nbsp;</P> Thu, 08 Jun 2023 08:49:51 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-AES-encryption-Algorithm-for-SNX-user/m-p/183621#M4816 JaeYoung_An 2023-06-08T08:49:51Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-AES-encryption-Algorithm-for-SNX-user/m-p/183668#M4817 <P>What precisely are the clients in this case?<BR />If they're Linux, I suspect you're out of luck similar to:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk180837" target="_blank">https://support.checkpoint.com/results/sk/sk180837</A>&nbsp;<BR />Windows and macOS SNX support AES on currently supported versions.</P> Thu, 08 Jun 2023 22:17:50 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-AES-encryption-Algorithm-for-SNX-user/m-p/183668#M4817 PhoneBoy 2023-06-08T22:17:50Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-AES-encryption-Algorithm-for-SNX-user/m-p/183679#M4818 <P>It's Windows 10 client with chrome browser</P><P>gateway version is R81.20</P><P>please refer to below pic</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2023-06-09_13-11-01.png" style="width: 943px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/21348i68CE6B03D0B50EF9/image-size/large?v=v2&amp;px=999" role="button" title="2023-06-09_13-11-01.png" alt="2023-06-09_13-11-01.png" /></span></P> Fri, 09 Jun 2023 04:21:04 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-AES-encryption-Algorithm-for-SNX-user/m-p/183679#M4818 JaeYoung_An 2023-06-09T04:21:04Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-AES-encryption-Algorithm-for-SNX-user/m-p/183693#M4819 <P>You may want to make 100% certain 3DES is disabled globally per:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk113114" target="_blank">https://support.checkpoint.com/results/sk/sk113114</A><BR />Otherwise, I suggest a TAC case to assist: <A href="https://help.checkpoint.com" target="_blank">https://help.checkpoint.com</A>&nbsp;</P> Fri, 09 Jun 2023 16:03:30 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-AES-encryption-Algorithm-for-SNX-user/m-p/183693#M4819 PhoneBoy 2023-06-09T16:03:30Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-AES-encryption-Algorithm-for-SNX-user/m-p/235990#M4820 <P data-unlink="true"><SPAN class=""><SPAN class="">sk116156</SPAN></SPAN>&nbsp;https://support.checkpoint.com/results/sk/sk116156&nbsp; tell AES is supported by MacOS SNX client starting from R80.10</P><DIV class="">&nbsp;</DIV><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 732px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/28852iBAE528D8AD2D24BD/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P><P>&nbsp;</P><P>this obviously suggest that the SNX Server side support this encryption method&nbsp; as showed here:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 697px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/28853i96DE9808AC8CB082/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P><P>Why this is not working ?</P><P>if I use SNX client or CAPSULE from windows the connections is always in 3DES.</P><P>there is a Check Point Employee that can explain how to solve&nbsp; using GuiDBEDIT?</P><P>thanks</P><P>Massimo</P> Tue, 17 Dec 2024 11:49:16 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-AES-encryption-Algorithm-for-SNX-user/m-p/235990#M4820 Massimo_Manzato 2024-12-17T11:49:16Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-AES-encryption-Algorithm-for-SNX-user/m-p/236019#M4821 <P>Don't know that (gui)dbedit is the solution here.<BR />I know this SK only mentions SMB appliances, but I see the referenced kernel variable on regular gateways (at least in R82):&nbsp;<A href="https://support.checkpoint.com/results/sk/sk112314" target="_blank">https://support.checkpoint.com/results/sk/sk112314</A><BR />It's worth a shot.</P> Tue, 17 Dec 2024 14:23:17 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-AES-encryption-Algorithm-for-SNX-user/m-p/236019#M4821 PhoneBoy 2024-12-17T14:23:17Z