topic Do SMB appliances support TLS1.2 on server side? in Spark Firewall (SMB) https://community.checkpoint.com/t5/Spark-Firewall-SMB/Do-SMB-appliances-support-TLS1-2-on-server-side/m-p/94532#M4051 <P>Hello CP community.</P><P>&nbsp;</P><P>I've a SMB 1490 locally management with&nbsp; R77_20_87 Build 990173004. HTTPS Inspection enabled.</P><P>Yesterday a user reported troubble to access website <A href="https://store.azerty.com.mx" target="_blank">https://store.azerty.com.mx</A>, browser showed CONNECTION_CLOSED.&nbsp;</P><P>Security logs reported nothing about this.&nbsp;</P><P>By means a https bypass to ip destination the issue disappeard, website load well in browser, so I did follow SK105559 steps.</P><P>I can see in output logs from tcpdump and&nbsp; fwmonitor a&nbsp; HANDSHAKE FAILURE, but I&nbsp; don't find what cause such error.</P><P>Besides,&nbsp;SK105559 state that I must collect <STRONG>wstsld.elg</STRONG> but such file is not located in my FW. Furthermore, I don't uderstand why logs from tcpdump and fwmonitor only register TLS reply from&nbsp;store.azerty.com.mx, but not TLS requet from my FW (client_hello).</P><P>&nbsp;</P><P>Do you can help me to understand and resolve this issue?</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 18 Aug 2020 18:55:34 GMT LuisSP 2020-08-18T18:55:34Z Do SMB appliances support TLS1.2 on server side? https://community.checkpoint.com/t5/Spark-Firewall-SMB/Do-SMB-appliances-support-TLS1-2-on-server-side/m-p/94532#M4051 <P>Hello CP community.</P><P>&nbsp;</P><P>I've a SMB 1490 locally management with&nbsp; R77_20_87 Build 990173004. HTTPS Inspection enabled.</P><P>Yesterday a user reported troubble to access website <A href="https://store.azerty.com.mx" target="_blank">https://store.azerty.com.mx</A>, browser showed CONNECTION_CLOSED.&nbsp;</P><P>Security logs reported nothing about this.&nbsp;</P><P>By means a https bypass to ip destination the issue disappeard, website load well in browser, so I did follow SK105559 steps.</P><P>I can see in output logs from tcpdump and&nbsp; fwmonitor a&nbsp; HANDSHAKE FAILURE, but I&nbsp; don't find what cause such error.</P><P>Besides,&nbsp;SK105559 state that I must collect <STRONG>wstsld.elg</STRONG> but such file is not located in my FW. Furthermore, I don't uderstand why logs from tcpdump and fwmonitor only register TLS reply from&nbsp;store.azerty.com.mx, but not TLS requet from my FW (client_hello).</P><P>&nbsp;</P><P>Do you can help me to understand and resolve this issue?</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 18 Aug 2020 18:55:34 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Do-SMB-appliances-support-TLS1-2-on-server-side/m-p/94532#M4051 LuisSP 2020-08-18T18:55:34Z Re: Do SMB appliances support TLS1.2 on server side? https://community.checkpoint.com/t5/Spark-Firewall-SMB/Do-SMB-appliances-support-TLS1-2-on-server-side/m-p/94537#M4052 <P>I suggest to open a service request with <A href="https://help.checkpoint.com/s/" target="_self">Check Point Support</A>.</P> Tue, 18 Aug 2020 20:24:55 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Do-SMB-appliances-support-TLS1-2-on-server-side/m-p/94537#M4052 Danny 2020-08-18T20:24:55Z