Hello All,
We are looking to make the necessary changes to remove TLS 1.0 and 1.1 from our gateways. What I would like to know is how many connections we have on these protocols now. Is there a way to generate a report to show what protocol and/or cipher is used during the connection?
Thanks,
Scott
One thing I would try is if you have monitoring blade enabled on the gateway, you can open logs and settings from dashboard and then once you open new tab, just open sv monitor on the bottom left and then under reports, see if there is any option to generate custom report for this. I will check in my lab tomorrow.
I don't think monitoring blade will help you here. But of course you can give it a try.
What you can do, if you have Application Control blade available:
Create different rules for TLS 1.0, TLS 1.1, TLS 1.2.
In these rules, use custom tcp objects where you set the protocol appropriately (TLS10, TLS11, TLS12) AND enable the "Protocol Signature" checkbox in the advanced tab of these service objects.
Then you can observe the hits on those rules. By using one service object per rule, you can use the rule hitcount as a fast indicator. If that is not needed because you do log analysis anyway, you can put all three objects in a rule because you will see which object has matched in the log entry. But you need to make sure your traffic is handled by a rule where these objects are used. Otherwise, other objects (like the default https or "tls1.0") will match.