https://community.checkpoint.com/t5/Spark-Firewall-SMB/RA-VPN-Security-Scan-finds-vulnerabilities/m-p/150950#M6958 <P>SMB 14xx with VPN Remote Access enabled had a Security Scan performed that found the following vulnerabilities:</P> <P>"'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:</P> <P>TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)"</P> <P>"'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:</P> <P>TLS_RSA_WITH_RC4_128_MD5</P> <P>TLS_RSA_WITH_RC4_128_SHA"</P> <P>According to&nbsp;<SPAN>sk162794, ciphers and MACs can not be restricted on SMBs, but&nbsp;sk104095 helped a lot !</SPAN></P> Wed, 15 Jun 2022 14:19:10 GMT G_W_Albrecht 2022-06-15T14:19:10Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/RA-VPN-Security-Scan-finds-vulnerabilities/m-p/150950#M6958 <P>SMB 14xx with VPN Remote Access enabled had a Security Scan performed that found the following vulnerabilities:</P> <P>"'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:</P> <P>TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)"</P> <P>"'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:</P> <P>TLS_RSA_WITH_RC4_128_MD5</P> <P>TLS_RSA_WITH_RC4_128_SHA"</P> <P>According to&nbsp;<SPAN>sk162794, ciphers and MACs can not be restricted on SMBs, but&nbsp;sk104095 helped a lot !</SPAN></P> Wed, 15 Jun 2022 14:19:10 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/RA-VPN-Security-Scan-finds-vulnerabilities/m-p/150950#M6958 G_W_Albrecht 2022-06-15T14:19:10Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/RA-VPN-Security-Scan-finds-vulnerabilities/m-p/150953#M6959 <P><STRONG>sk104095</STRONG> tells about <STRONG>Advanced settings:</STRONG></P> <P><STRONG><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="RC43DES.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/16927iC0E6025B0CB6C11D/image-size/large?v=v2&amp;px=999" role="button" title="RC43DES.png" alt="RC43DES.png" /></span></STRONG></P> <P>So if we set both RC4 and 3DES to false, <SPAN>Security Scan</SPAN> is much happier:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="scan2.png" style="width: 567px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/16928i8DA935F92924EE4B/image-size/large?v=v2&amp;px=999" role="button" title="scan2.png" alt="scan2.png" /></span></P> <P>Much better now&nbsp;8)</img></P> Wed, 15 Jun 2022 14:21:21 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/RA-VPN-Security-Scan-finds-vulnerabilities/m-p/150953#M6959 G_W_Albrecht 2022-06-15T14:21:21Z