This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ProxyOps
Contributor
‎2023-04-19 09:36 AM

SmartConsole is using TLS 1.0 to connect via proxy to sc1.checkpoint.com

Hello all,

 

we tried to troubleshoot the reason why our Check Point SmartConsole R81 never shows when there is an update available. We followed the following guide to find  the issue:

Automatic updates for SmartConsole (checkpoint.com)

 

In C:\ProgramData\Check Point\SmartConsole R81.10 we found the mentioned .xml file:

 

<?xml version="1.0"?>
<UpdateStatus xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <State>NoInfo</State>
  <LastSuccessfulUpdate>0001-01-01T00:00:00</LastSuccessfulUpdate>
  <LastUpdateCheck>2023-04-19T18:21:03.1995339+02:00</LastUpdateCheck>
  <UpdateCheckError>FDT_ERROR</UpdateCheckError>
</UpdateStatus>

 

 

We are using a proxy to connect to the internet. The Check Points URLs are whitelisted and don't get intercepted. We did some tcpdumps and found the reason why the Smart Console is not getting a connection:

 

20230419_.jpg

Our proxy is rejecting the TLS 1.0 connection (which is expected and correct). Why is SmartConsole using TLS1.0 and how can we change it to something like TLS1.2 upwards?

 

Any help is would be welcomed.

 

Best regards

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-04-21 12:35 PM

Pretty sure this is an RFE that should be discussed with your local Check Point office.
However, it might be worth a TAC case to confirm: https://help.checkpoint.com 

0 Kudos
the_rock
Legend
Legend
‎2023-04-21 12:45 PM

Not sure if below setting in global properties would be related, but worth checking.

Andy

Screenshot_1.png

0 Kudos
Dan_Zaidman
Employee
Employee
‎2023-04-24 07:31 AM

Hi @ProxyOps , thank you for bringing it to our attention.

The TLS 1.0 connection is not related to the update notification problem.

We will release a new SmartConsole jumbo for versions R80.40 to R81.20 that will not send that TLS 1.0 connection.

Regarding the update notification problem, we would like to set a short zoom session, in order to find the root cause.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events