Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
johnnyringo
Advisor

Disabling Weak Ciphers (Specifically DES) for IPSEC on R80.30 and R80.40

A new R80.30 cluster has been flagged by Qualys as supporting "Weak IPSec Encryption Settings".  I assumed this was over SHA-1 or 1024-bit keys, but got a bit of a surprise when I viewed the report and saw that it was complaining of DES.  Like RC4 and MD5, DES has been obsolete for about 20 years and there's absolutely no reason to have it enabled or even supported for that matter.  

 

But, how do I disable it?  It's not clear to me if unchecking it in traditional mode is adequate, or I should be looking somewhere else.  

Security Gateway Appliances 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

0 Kudos
johnnyringo
Advisor

Thanks.  The steps left me a bit confused because we're not configuring VPNs via Traditional Mode (which is the default) and this is a fresh policy created in R80.30.  Also, we don't use Remote Access VPN.  But I'll give that a shot and ask for a re-scan.

CheckPointR8040VPNConfigMethod.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events