NeilDavey
Collaborator

Weak Ciphers Removal

On our MAB SSL VPN, I have restricted this to only use TLS1.2 and now I want to remove the weak cipher suites as shown.

I can see 2 possible ways of removing these:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

or

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...

Is there a better one of the 2 methods to use?

I was thinking the 2nd link would be better as it gives a full list of the individual ciphers that you can either allow or block.

Any suggestions welcome.

Thanks


Accepted Solutions
Mikel_Aanstoot
Contributor

This is what we did:

Global Properties > Smartboard Customization > Configure > Portal Properties: changed snx_ssl_min_ver to TLS1.1 and max to TLS1.2

followed: sk120774 (your first link but this was when the gateways were R77.30)

and also on the gateways:

ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 CPTLS_ACCEPT_ECDHE 1

ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 CPTLS_PROPOSE_ECDHE 1

ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 DISABLE_3DES 1
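Added example, not part of the original thread and not Check Point code: a small Python check that reads the output of `nmap --script ssl-enum-ciphers -p 443 <gateway>` and reports anything that contradicts the settings in the answer above (TLS 1.1 to 1.2 only, 3DES disabled, ECDHE offered). The scan text is a constructed sample, and the function names and `ALLOWED_PROTOCOLS` set are assumptions; reduce the set to TLSv1.2 alone if that is your target.

```python
import re

# Policy from the accepted answer: TLS 1.1 to 1.2 only, 3DES disabled, ECDHE offered.
ALLOWED_PROTOCOLS = {"TLSv1.1", "TLSv1.2"}

# Constructed sample of ssl-enum-ciphers output (not captured from a real gateway).
SAMPLE_SCAN = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|     cipher preference: server
|_  least strength: C
"""

PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
SUITE_RE = re.compile(r"^\|\s+(TLS_[A-Z0-9_]+)\b")

def parse_scan(text):
    """Return {protocol: [cipher suite names]} from ssl-enum-ciphers output."""
    offered, current = {}, None
    for line in text.splitlines():
        if m := PROTO_RE.match(line):
            current = m.group(1)
            offered[current] = []
        elif current and (m := SUITE_RE.match(line)):
            offered[current].append(m.group(1))
    return offered

def audit(offered):
    """List deviations from the hardening described in the thread."""
    findings = []
    for proto, suites in sorted(offered.items()):
        if proto not in ALLOWED_PROTOCOLS:
            findings.append(f"{proto} still enabled")
        findings += [f"{proto}: 3DES suite {s}" for s in suites if "3DES" in s]
    if not any(s.startswith("TLS_ECDHE_") for v in offered.values() for s in v):
        findings.append("no ECDHE suite offered")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_scan(SAMPLE_SCAN)):
        print("FAIL:", finding)
```

Run the scan before and after the change and feed each output to `parse_scan`; an empty list from `audit` means the portal matches the intended settings.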


2 Replies
G_W_Albrecht
Legend

I would use sk126613 for R80.xx version.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist