This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ScottG67
Participant
‎2022-01-17 09:09 AM

Report on TLS connections

Hello All,

 

   We are looking to make the necessary changes to remove TLS 1.0 and 1.1 from our gateways. What I would like to know is how many connections we have on these protocols now. Is there a way to generate a report to show what protocol and or Cipher is used during the connection?

 

Thanks,

Scott

0 Kudos
2 Replies
the_rock
Champion
Champion
‎2022-01-17 05:43 PM

One thing I would try is if you have monitoring blade enabled on the gateway, you can open logs and settings from dashboard and then once you open new tab, just open sv monitor on the bottom left and then under reports, see if there is any option to generate custom report for this. I will check in my lab tomorrow.

0 Kudos
Tobias_Moritz
Advisor
‎2022-01-24 06:01 AM

I don't think monitoring blade will help you here. But of course you can give it a try.

What you can do, if you have Application Control blade available:

Create different rules for TLS 1.0, TLS 1.1, TLS 1.2.

In these rules, use custom tcp objects where you set the protocol approprietly (TLS10, TLS11, TLS12) AND enable the "Protocol Signature" checkbox in the advanced tab of these service objects.

Then you can observe the hits on that rules. With using one service object per rule, you can use the rule hitcount as fast indicator. If that is not needed because you do log analysis anyway, you can put all three objects in rule because you will see which object has matched in the log entry. But you need to make sure your traffic is handled by a rule, where these objects are used. Otherwise, other objects (like the default https or "tls1.0" will match).