Weak Ciphers Removal

On our MAB SSL VPN, I have restricted this to only use TLS1.2 and now I want to remove the weak cipher suites as shown.

I can see 2 possible ways of removing these:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

or

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...

Is there a better one of the 2 methods to use?

I was thinking the 2nd link would be better as it gives a full list of the individual ciphers that you can either allow or block.

Any suggestions welcome.

Thanks


Accepted Solutions

Re: Weak Ciphers Removal

This is what we did:

Global Properties > Smartboard Customization > Configure > Portal Properties: changed snx_ssl_min_ver to TLS1.1 and max to TLS1.2

followed: sk120774 (your first link but this was when the gateways were R77.30)

and also on the gateways:

ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 CPTLS_ACCEPT_ECDHE 1

ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 CPTLS_PROPOSE_ECDHE 1

ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 DISABLE_3DES 1
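
One way to confirm the result from a client after the change, as an added example that is not part of the original thread and not Check Point tooling: it offers the portal one protocol version and cipher family at a time and compares what the gateway accepts with what the settings above imply. The check labels, OpenSSL cipher strings, expected outcomes and function names are assumptions of this example.

```python
import socket
import ssl
import sys

# Assumed expectations read off the settings above: no TLS 1.0, no 3DES, ECDHE accepted.
CHECKS = [
    ("TLS 1.0, any cipher", ssl.TLSVersion.TLSv1, "ALL", False),
    ("TLS 1.2, 3DES only", ssl.TLSVersion.TLSv1_2, "3DES", False),
    ("TLS 1.2, ECDHE only", ssl.TLSVersion.TLSv1_2, "ECDHE", True),
]

def build_ctx(version, ciphers):
    """Client context pinned to one version and cipher string; None if the local OpenSSL cannot offer it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # negotiation is under test here, not certificate trust
    try:
        ctx.minimum_version = ctx.maximum_version = version
        ctx.set_ciphers(ciphers + ":@SECLEVEL=0")  # allow the client to offer legacy suites
    except (ssl.SSLError, ValueError):
        return None
    return ctx

def probe(host, port, version, ciphers, timeout=5.0):
    """Return 'accepted', 'refused', 'unreachable' or 'untestable'."""
    ctx = build_ctx(version, ciphers)
    if ctx is None:
        return "untestable"  # a client that cannot offer 3DES proves nothing about the server
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "accepted"
    except OSError:  # ssl.SSLError, reset or timeout during the handshake
        return "refused"

def audit(host, port=443, timeout=5.0):
    """Run every check; ok is None when nothing could be concluded."""
    rows = []
    for label, version, ciphers, want in CHECKS:
        status = probe(host, port, version, ciphers, timeout)
        ok = (status == "accepted") == want if status in ("accepted", "refused") else None
        rows.append((label, status, ok))
    return rows

if __name__ == "__main__" and len(sys.argv) > 1:  # usage: python3 script.py <gateway-host>
    print(*audit(sys.argv[1]), sep="\n")
```

A row with `ok` set to `False` is a mismatch with the intended configuration; an `untestable` row has to be re-run from a client whose OpenSSL build still ships that suite.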

2 Replies

Re: Weak Ciphers Removal

I would use sk126613 for R80.xx version.
