P_Williams
Participant

Resolving TLS1.0 and TLS1.1 Security Threats for Remote Access

I have been sent a report listing various public facing services on our firewalls and whether they are allowing TLS1.0 and TLS1.1.

For the URL that clients use to connect to the Remote Access VPN, it has come back as allowing 1.0 and 1.1.

Risk Vector: SSL Configurations
Finding Identifier: remoteaccess.mycompany.com:443
Last Seen: 27/03/2025
Grade: BAD
Attributed To: My Company Inc.
Finding Severity: severe

Asset Importance: critical
Assets: remoteaccess.mycompany.com
Details: Allows insecure protocol: TLSv1.0; Allows insecure protocol: TLSv1.1

 

Presumably the client, when it connects initially, wouldn't be using 1.0 or 1.1. But beyond that I don't know what I can do to get rid of the vulnerability. I am not sure if the vulnerability even is to do with the RemoteAccess service, it is just that it uses the same public IP as the firewalls.

What could I do on the firewall to remove this vulnerability?

The firewalls are VSX running R81.

0 Kudos
7 Replies
G_W_Albrecht
Legend

0 Kudos
P_Williams
Participant

That looks promising, many thanks. Looks like it will need a proper review and CAB before implementing, but I will feed back how I get on.

0 Kudos
G_W_Albrecht
Legend

It is just an advanced Portal configuration option in the SmartDashboard menu; see the screenshot @the_rock has posted.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend

Hey @P_Williams 

I believe you can also correct this with settings I attached from global properties.

Andy

 

0 Kudos
G_W_Albrecht
Legend

Yes, found here: sk154532: Vulnerability scan detects that the Security Gateway supports TLS 1.0 or TLS 1.1 when one ...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
the_rock
Legend

Sorry, my bad, it asked me to log in to view that sk when I tried yesterday, but I see it now.

Andy

0 Kudos
G_W_Albrecht
Legend

You did post the shortcut 🙃

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
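One way to confirm the scanner's finding and re-check it after the change discussed in the replies, as an added example that is not part of the original thread or of Check Point's tooling: it sends one ClientHello per protocol version and classifies the ServerHello version or alert that comes back. The function names, the cipher-suite list and the TLSv1.2 control probe are assumptions of this example; remoteaccess.mycompany.com is the placeholder host from the report above.

```python
import os, socket, struct

VERSIONS = {"TLSv1.0": 0x0301, "TLSv1.1": 0x0302, "TLSv1.2": 0x0303}
# CBC/SHA-1 suites valid in every version up to TLS 1.2 (list is an assumption).
SUITES = [0xC014, 0xC013, 0xC00A, 0xC009, 0x0035, 0x002F, 0x000A]

def client_hello(host, version):
    """Build one ClientHello record whose highest offered version is `version`."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    groups = struct.pack("!HHH", 4, 23, 24)  # secp256r1, secp384r1
    exts = (struct.pack("!HH", 0, len(sni)) + sni            # server_name
            + struct.pack("!HH", 10, len(groups)) + groups   # supported_groups
            + struct.pack("!HHBB", 11, 2, 1, 0))             # ec_point_formats
    body = (struct.pack("!H", version) + os.urandom(32) + b"\x00"
            + struct.pack("!H", 2 * len(SUITES))
            + b"".join(struct.pack("!H", s) for s in SUITES)
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def verdict(reply, version):
    """Classify the first 11 bytes (or fewer) of the server's reply."""
    if len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02:
        chosen = struct.unpack("!H", reply[9:11])[0]  # ServerHello.version
        return "accepted" if chosen == version else "rejected"
    if len(reply) >= 5 and reply[0] == 0x15:  # alert record: offer refused
        return "rejected"
    return "unknown" if reply else "no-reply"

def read_exact(sock, n):
    """Read up to n bytes, stopping early only if the peer closes."""
    buf = b""
    while len(buf) < n and (chunk := sock.recv(n - len(buf))):
        buf += chunk
    return buf

def probe(host, port=443, timeout=5.0):
    """Return {version name: verdict} for one endpoint."""
    results = {}
    for name, version in VERSIONS.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(client_hello(host, version))
                head = read_exact(s, 5)
                rest = read_exact(s, 6) if head[:1] == b"\x16" else b""
                results[name] = verdict(head + rest, version)
        except OSError:
            results[name] = "no-reply"
    return results
```

Run `probe("remoteaccess.mycompany.com")` before and after the change and compare the TLSv1.0 and TLSv1.1 entries. An alert is reported as rejected even when its cause is a cipher-suite mismatch rather than the version, which is why the TLSv1.2 probe is included as a control.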
