This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
carl_t
Contributor
‎2019-09-10 07:52 AM

issue with IKE weak negotiations on R80.20

Hi All

Can anyone shed any light for us, we have regular pen tests from our partner, we have a firewall that they say is responding to weak IKE transformations.

We have IKEv2 enabled on this said firewall using AES256 and SHA256 but they still say its weak.

Other firewalls are configured the same but don't have any issues.

Any ideas?

 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2019-09-10 04:03 PM

Specifically, which ciphers do they claim is being offered?
0 Kudos
Timothy_Hall
Champion
Champion
‎2019-09-15 12:07 PM

The go-to SK for audit scan results is this one: sk100647: Check Point response to common false positives scanning results

Could this be what they are referring to specifically for IKE, which doesn't apply to Check Point firewalls anyway: sk134572: Check Point response to Bleichenbacher oracle cryptographic attack (IKEv1/IKEv2) 

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos