cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

How to prevent TLS1.0 traffic passing through gateway using IPS

Hello,

We are running CheckPoint R80.10 and have enabled IPS, Anti-Virus, Anti-Bot threat prevention blades. There is a requirement to block TLS1.0 traffic passing through the gateway. Just wondering how we can achieve this using our Threat Prevention blades.

Thanks,

Chandru

Tags (1)
4 Replies

Re: How to prevent TLS1.0 traffic passing through gateway using IPS

You can enable the IPS protection "Transport Layer (TLS) Version 1.0" to block TLSv1.0:

Re: How to prevent TLS1.0 traffic passing through gateway using IPS

Thanks Anthony. Thats very helpful.

The requirement is to block TLS1.0 traffic for a particular subnet reaching an public IP address. Does it mean, I need to create a new rule under Threat Prevention policy specifying the source and destination with block on TLSv1.0  

0 Kudos
Vladimir
Jade

Re: How to prevent TLS1.0 traffic passing through gateway using IPS

You are better off creating this exception:

Otherwise, you'll have to create a separate profile with TLS 1.0 protection only and apply it to your desired scope.

Re: How to prevent TLS1.0 traffic passing through gateway using IPS

OK. Thanks Vladimir. This seems to be a possible solution