Sanjay_S
Advisor

TLSv1.3 and Weak CBC Ciphers

Hi All,

We are planning to enable the inspection of TLSv1.3 on R81 gateways. I went through the below document to enable it, but I am not really sure whether the interface IPs configured on the firewalls will also be inspected with TLSv1.3. Also, may I know whether this will affect the TLSv1.2 traffic passing through the firewall once we enable this option?

HTTPS Inspection (checkpoint.com)

We are also planning to disable weak CBC ciphers but did not find any documents on how to disable them. On Cisco ASA it can be done directly in ASDM, but I am not finding any options in Checkpoint. Could you please help me with any documents that would help with the configuration for removing the weak ciphers?

Also, will there be any impact other than not negotiating with the weak ciphers, mainly when negotiating for the Remote Access VPN?

Regards,

Sanjay S

0 Kudos
4 Replies
PhoneBoy
Admin

Different infrastructure needs to be enabled to inspect TLS 1.3.
It will also inspect TLS 1.2 and earlier. 

For the cipher question: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
Sanjay_S
Advisor

Thank you PhoneBoy, this really helps.

0 Kudos
Sanjay_S
Advisor

Hi PhoneBoy,

Is there a list of ciphers approved by Checkpoint to use, and a list of weak ciphers which we can disable?

Regards,

Sanjay S

0 Kudos
PhoneBoy
Admin

Do we have a specific document? No.
The ciphers we have enabled by default should provide the best mix of usability and security.
Additional ones can be disabled based on your precise requirements.

0 Kudos
