Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Iron

issue with IKE weak negotiations on R80.20

Hi All

Can anyone shed any light for us, we have regular pen tests from our partner, we have a firewall that they say is responding to weak IKE transformations.

We have IKEv2 enabled on this said firewall using AES256 and SHA256 but they still say its weak.

Other firewalls are configured the same but don't have any issues.

Any ideas?

 

0 Kudos
2 Replies
Highlighted
Admin
Admin

Specifically, which ciphers do they claim is being offered?
0 Kudos
Highlighted

The go-to SK for audit scan results is this one: sk100647: Check Point response to common false positives scanning results

Could this be what they are referring to specifically for IKE, which doesn't apply to Check Point firewalls anyway: sk134572: Check Point response to Bleichenbacher oracle cryptographic attack (IKEv1/IKEv2) 

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos