CSR
Contributor

SHA-512 unavailable for hashing method in Checkpoint Firewall

Hi Team,

SHA-512 is not available as a hashing option in Checkpoint Firewall to configure in a VPN community. I even checked the same on R80.30 as well, but it's still not feasible. Screenshot attached below.

When can we expect SHA-512 to be included in the configuration, as nowadays many clients ask to use SHA-512 for integrity?

 

Thanks,

CSR

Mobile- +91- 971 727 2237

SHA-512 unavailable.jpg

9 Replies
PhoneBoy
Admin

It will presumably be in an upcoming release.
Not sure if it's in R80.40 or not.
Alex_Gilis
Advisor

SHA384 is a truncated output of SHA512, so you will benefit from 64-bit computing and 512-bit states (but no R80 VPN acceleration mechanism, I believe), so you can consider it for customers asking you for the biggest number.

CSR
Contributor

Yeah @PhoneBoy, but Checkpoint must include this option as early as possible.

 

Thanks,

CSR

PhoneBoy
Admin

There does appear to be a customer release of R80.30 that enables SHA512 support.
It can be obtained through your local Check Point office.
CSR
Contributor

Thanks @PhoneBoy, will reach out to CP office for the solution.
Timothy_Hall
Champion

SHA-384 works fine, but is still not implemented in SecureXL.  So any VPN traffic using SHA-384 for a hashing algorithm will be ineligible for acceleration by SecureXL.  All the other encryption and hashing algorithms are eligible for acceleration, including the GCM variants of AES which were added to SecureXL recently and are particularly speedy if AES-NI is present.

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
CSR
Contributor

Thanks @Timothy_Hall for the explanation. Actually my point is also the same. There is no point in using SHA-384/512 if it's not included in SecureXL. For 1-2 VPNs it may be okay, but not for more VPNs, as it can cause firewall performance issues. So I believe we'll have to wait until Checkpoint includes SHA-512/384 to be used with SecureXL.

 

Thanks,

CSR

 

benko2
Participant

We did upgrade to R80.40. SHA512 is still not available. Does anybody know when Check Point plans to implement it?

idants
Employee

Hi,

SHA-512 support was added into R81 (also to SecureXL).

SHA-384 was added to SecureXL as part of R81 as well.

Thanks,

Idan Tsarfati.
