A new R80.30 cluster has been flagged by Qualys as supporting "Weak IPSec Encryption Settings". I assumed this was over SHA-1 or 1024-bit keys, but got a bit of a surprise when I viewed the report and saw that it was complaining of DES. Like RC4 and MD5, DES has been obsolete for about 20 years and there's absolutely no reason to have it enabled or even supported for that matter.
But, how do I disable it? It's not clear to me if unchecking it in traditional mode is adequate, or I should be looking somewhere else.
Security Gateway Appliances