LostBoY
Advisor

Vulnerability Mitigation for TLS 1.0 and Weak Ciphers

Hello,

I need instructions to mitigate the following two vulnerabilities from our Gateways:

1) Enable support for TLS 1.1 and TLS 1.2, and disable TLS 1.0

2) Removal of Weak Ciphers

We are using a VSX Cluster environment with R80.10

Also, what could be the after-effects of removing these vulnerabilities on the existing production environment?

Please suggest.

 

Thanks

0 Kudos
8 Replies
PhoneBoy
Admin

As there isn't one global "use TLSv1.2" and "disable weak ciphers" setting, we need some more context, namely on what ports these issues were found.
The main one that comes up (Gaia WEBUI) isn't relevant on VSX.
0 Kudos
LostBoY
Advisor

Thanks for the reply. The vulnerability has been reported on port 443 (TLS 1.0 Protocol Detection), discovered on 2 VSX Gateways which are in a cluster.
0 Kudos
PhoneBoy
Admin

What blades are active on this gateway?
Like I said, the main culprit (the Gaia WebUI) is not active on VSX.
0 Kudos
LostBoY
Advisor

AntiBot, Antivirus, IPS
0 Kudos
G_W_Albrecht
Legend

Maybe also SSL Inspection? Then see sk126613: Cipher configuration tool for R80.x Gateways.

0 Kudos
Parmod
Explorer

How to remediate TLS vulnerability on Check Point firewall virtual interface?

And sk126613: Cipher configuration tool for R80.x Gateways is not clearing this requirement.

0 Kudos
sushilsharma
Explorer

1) Enable support for TLS 1.1 and TLS 1.2, and disable TLS 1.0

Note: I am a novice user, so please check in test setup before applying to production.

Solution: In the SmartConsole menu -> Global properties -> Advanced -> Configure...

Go to portal properties; there it will show the option to set the max and min SSL version attributes.

There you may change the SSL min. version from TLS1.0 to TLS1.1.

---------There is no growth without humility---------
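
One way to confirm from a client that the port 443 listener no longer accepts TLS 1.0 after the minimum version is raised. This is an added example, not part of any post in this thread. The function names are hypothetical, and it assumes a Python 3 client with an OpenSSL build that can still offer the old protocol versions.

```python
import socket
import ssl
import warnings

# Protocol versions to probe, oldest first.
VERSIONS = [("TLS 1.0", ssl.TLSVersion.TLSv1), ("TLS 1.1", ssl.TLSVersion.TLSv1_1),
            ("TLS 1.2", ssl.TLSVersion.TLSv1_2), ("TLS 1.3", ssl.TLSVersion.TLSv1_3)]


def probe_version(host, port, version, timeout=5.0):
    """True: handshake pinned to `version` completed. False: no handshake
    (refused or unreachable). None: local OpenSSL cannot offer this version."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Protocol audit only: certificate trust is deliberately not evaluated.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = version
            ctx.maximum_version = version
        if version < ssl.TLSVersion.TLSv1_2:
            # Current OpenSSL defaults refuse TLS 1.0/1.1 on the client side,
            # which would make an exposed server look clean; lift that here.
            ctx.set_ciphers("ALL:@SECLEVEL=0")
    except (ValueError, ssl.SSLError):
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except (ssl.SSLError, OSError):
        return False


def audit(host, port, timeout=5.0):
    """Probe every version in VERSIONS and return {name: True/False/None}."""
    return {name: probe_version(host, port, v, timeout) for name, v in VERSIONS}


def findings(results, forbidden=("TLS 1.0",)):
    """Forbidden versions that were accepted (True) or untestable (None)."""
    return {n: results.get(n) for n in forbidden if results.get(n) is not False}
```

Run `findings(audit(host, 443))` against each cluster member before and after the change; an empty result means TLS 1.0 was refused, and a `None` entry means the check has to be repeated from a client that can still speak that version.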
fklim
Explorer

Awesome, thanks for sharing.

0 Kudos