Participant

TLS Version 1.0 and 1.1 Protocol Detection Vulnerability

We are not using Checkpoint remote VPN in the current setup, but we still want to fix the TLS-related vulnerability mentioned below.

TLS Version 1.0 and 1.1 Protocol Detection Vulnerability.

We have a VSX deployment running R80.10 Gaia OS.

Also, what will be the impact if we disable 1.1 and enable 1.2?

12 Replies
Employee

I assume the context here is sk154532. What other blades are enabled in the environment?

Participant

Can you share the sk154532 link with me?

Employee

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Note: access to some SK articles may depend on your support/partner/certification level.

Participant

Do I need to install policy after making the changes?

Admin

Yes

Participant

I have made the changes today. Waiting for the team to re-scan and check if we still get this vulnerability or not.

Participant

We have received the report from the VAPT team after rescanning the Checkpoint devices; this vulnerability is still showing as Open in the report.

Admin

Recommend working with the TAC on this.

Participant

TAC has shared the SK below.

Kindly check sk132712, is this relevant? (For disabling TLS 1.0 and TLS 1.1)

Employee

Relevance probably depends on which ports the scan revealed the lower TLS versions for.

Participant

The VAPT report says port 443.

Participant

We followed sk147272 on both cluster members to mitigate the TLS and SWEET32 vulnerabilities and re-scanned the device; now we don't see this as open.

Issue resolved
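
One way to check a re-scan for the two findings discussed in this thread (TLS 1.0/1.1 and SWEET32 on port 443) before sending it back for review, as an added example that is not part of the original posts. It assumes the scan is the text output of nmap's `ssl-enum-ciphers` script (the thread does not say which scanner was used); the sample output and the function names `audit` and `is_clean` are constructed for illustration.

```python
import re

# Protocol versions covered by the scanner finding, plus SSLv3 for completeness.
DEPRECATED = {"SSLv3", "TLSv1.0", "TLSv1.1"}
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")
PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
CIPHER_RE = re.compile(r"^\|\s+(TLS_\S+)\s")

# Constructed sample (not from the thread): a gateway before remediation.
SAMPLE = """\
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|   TLSv1.1:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|_  least strength: C
"""

def audit(nmap_text):
    """Return {port: {"deprecated": [versions], "sweet32": [(version, cipher)]}}."""
    findings, port, proto = {}, None, None
    for line in nmap_text.splitlines():
        if m := PORT_RE.match(line):
            port, proto = int(m.group(1)), None
            findings[port] = {"deprecated": [], "sweet32": []}
        elif port is None:
            continue  # header lines before the first open port
        elif m := PROTO_RE.match(line):
            proto = m.group(1)
            if proto in DEPRECATED:
                findings[port]["deprecated"].append(proto)
        elif proto and (m := CIPHER_RE.match(line)):
            # SWEET32 concerns 64-bit block ciphers; 3DES is the one seen in TLS.
            if "3DES" in m.group(1):
                findings[port]["sweet32"].append((proto, m.group(1)))
    return findings

def is_clean(findings, port=443):
    """True only if the port was scanned and shows neither finding."""
    f = findings.get(port)
    return f is not None and not f["deprecated"] and not f["sweet32"]
```

Note that 3DES can still be offered under TLS 1.2, so disabling the old protocol versions alone does not clear the SWEET32 item.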
