
Disabling CRL checking for centrally managed VPNs

I have many 1100/1400 smart provisioned, centrally managed appliances which do a CRL check with the management server (fw1_ica_services port), and if the check fails the tunnel is dropped with a default of 24h. Is there a way to disable this check, i.e. sk21156? I don't need the CRL check because if I don't want an appliance to have its tunnel up I will terminate the provisioned object on the mgmt server. Please advise.

0 Kudos
2 Replies
Admin

Re: Disabling CRL checking for centrally managed VPNs

I don't see why you couldn't apply the SK you referenced to solve the issue, even if you're using SmartProvisioning. 

0 Kudos

Re: Disabling CRL checking for centrally managed VPNs

Correct. It's not really an issue; the CRL check is the default (by design), but I think it creates a Denial of Service risk because the port has to be opened on a public IP.

0 Kudos