This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chandhrasekar_S
Collaborator
‎2018-12-11 01:45 PM

How to prevent TLS1.0 traffic passing through gateway using IPS

Hello,

We are running CheckPoint R80.10 and have enabled IPS, Anti-Virus, Anti-Bot threat prevention blades. There is a requirement to block TLS1.0 traffic passing through the gateway. Just wondering how we can achieve this using our Threat Prevention blades.

Thanks,

Chandru

7 Replies
Anthony_Nguyen
Employee
Employee
‎2018-12-11 01:55 PM

You can enable the IPS protection "Transport Layer (TLS) Version 1.0" to block TLSv1.0:

Chandhrasekar_S
Collaborator
‎2018-12-11 02:19 PM
In response to Anthony_Nguyen

Thanks Anthony. Thats very helpful.

The requirement is to block TLS1.0 traffic for a particular subnet reaching an public IP address. Does it mean, I need to create a new rule under Threat Prevention policy specifying the source and destination with block on TLSv1.0  

0 Kudos
Vladimir
Champion
Champion
‎2018-12-11 05:49 PM
In response to Chandhrasekar_S

You are better off creating this exception:

Otherwise, you'll have to create a separate profile with TLS 1.0 protection only and apply it to your desired scope.

Chandhrasekar_S
Collaborator
‎2018-12-11 06:59 PM
In response to Vladimir

OK. Thanks Vladimir. This seems to be a possible solution

Kirupa_Shankar_
Explorer
‎2023-08-31 08:32 PM
In response to Chandhrasekar_S

@Chandhrasekar_S @Timothy_Hall @@Did you try and did it work? Does using those protection increase cpu or memory as the performance impact is like 4/5 ?

0 Kudos
Magnus-Holmberg
Advisor
Advisor
‎2021-12-27 01:01 AM
In response to Anthony_Nguyen

Would SSL inspection be needed for this to actually work?

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2021-12-27 06:50 AM
In response to Magnus-Holmberg

Pretty sure the answer is no, as the client and server agree on SSL/TLS versions and cipher suites right at the start of the negotiations which are still in the clear, and the firewall should be able to inspect it without full HTTPS Inspection.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices
Self-Guided Video Series Coming Soon

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 07 Oct 2025 @ 09:30 AM (CEST)

    CheckMates Live Denmark!
    CheckMates Events