Andreas_Mang
Contributor

When will AES-256/AES-128 Kerberos cipher suites finally be supported through SmartDashboard? I know in R77.30 they are only available through a hotfix.

In R77.30 I can get a hotfix to support Kerberos authentication on the Identity Agent for AD SSO using AES-128 and AES-256 cipher suites. The only suites available in SmartConsole are currently RC4-HMAC-NT, which is obsolete, and DES-CBC-MD5/CRC.

0 Kudos
Tzvi_Katz
Employee

Hi,

The HF was integrated into the R80.10 GW, but the setup will remain similar to the HF in R77.30 from the CLI; support for the setting from SmartConsole will be integrated in the next releases.

0 Kudos
Andreas_Mang
Contributor

Still not part of the R80.40 GUI?

0 Kudos
Roman_Niewiado1
Contributor

R80.30 take 227 doesn't have the AES-128 and AES-256 ciphers either.

0 Kudos
Tobias_Moritz
Advisor

@Tzvi_Katz you said "will be integrated in the next releases" and that was more than four years ago. At which position on the roadmap is this feature? Just asking... 🙂

0 Kudos
Tzvi_Katz
Employee

Well, the next release is R81.10 and according to @Royi_Priov, this is part of the release.

Tobias_Moritz
Advisor

Thank you for your fast response. So we look forward to that release 🙂

0 Kudos
andymong
Participant

Still nothing in R81? 😞

0 Kudos
Roman_Niewiado1
Contributor

Check Point has a solution that is like something from a cheap software company. Not what I would expect of CP.

[Expert@gw:0]# pdp auth kerberos_encryption set RC4-HMAC-NT

Command: root->auth->kerberos_encryption->set

Please select one of:

policy

aes128-cts-hmac-sha1-96

aes256-cts-hmac-sha1-96

[Expert@gw:0]# pdp auth kerberos_encryption set aes128-cts-hmac-sha1-96

Kerberos encryption type is aes128-cts-hmac-sha1-96

*** You must push the policy for this change to take effect!

I have two domains and I'm not able to change the ciphers only for one domain. What a sh..

0 Kudos