This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
NeilDavey
Collaborator
‎2019-04-18 03:02 AM
Jump to solution

Weak Ciphers Removal

On our MAB SSL VPN, I have restricted this to only use TLS1.2 and now I want to remove the weak cipher suites as shown.

I can see 2 possible ways of removing these:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

or

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...

Is there a better one of the 2 methods to use?

I was thinking the 2nd link would be better as it gives a full list of the individual ciphers that you can either allow or block.

Any suggestions welcome.

Thanks

Cipher Suites.PNG
Preview file
18 KB
0 Kudos
1 Solution

Accepted Solutions
Mikel_Aanstoot
Contributor
‎2019-04-18 04:40 AM
Jump to solution

This is what we did:

Global Properties > Smartboard Customization > Configure > Portal Properties: changed snx_ssl_min_ver to TLS1.1 and max to TLS1.2

followed: sk120774 (your first link but this was when the gateways where R77.30)

and also on the gateways:

ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 CPTLS_ACCEPT_ECDHE 1

ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 CPTLS_PROPOSE_ECDHE 1

ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 DISABLE_3DES 1

View solution in original post

2 Replies
G_W_Albrecht
Legend Legend
Legend
‎2019-04-18 04:14 AM
Jump to solution

I would use sk126613 for R80.xx version.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Mikel_Aanstoot
Contributor
‎2019-04-18 04:40 AM
Jump to solution

This is what we did:

Global Properties > Smartboard Customization > Configure > Portal Properties: changed snx_ssl_min_ver to TLS1.1 and max to TLS1.2

followed: sk120774 (your first link but this was when the gateways where R77.30)

and also on the gateways:

ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 CPTLS_ACCEPT_ECDHE 1

ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 CPTLS_PROPOSE_ECDHE 1

ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 DISABLE_3DES 1

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top