Blocking TLS 1.1 in firewall rules

Author
amorales
2020/09/15 12:02:30

I am wondering if there is an option to block TLS 1.1 traffic in firewall rules without having to enable SSL offloading. In Check Point it is possible to do it with IPS, but I cannot find any signature to block this. Maybe crafting my own signature? Has anyone been able to achieve this? Thanks!
#1


    Markus
    Re: Blocking TLS 1.1 in firewall rules 2020/09/15 12:23:39
    Yes, you can do this with app control. Create a profile and set the categories as appropriate for your environment (maybe you already have one in place).
    In the override section, add the unwanted SSL/TLS versions and set them to block.
    Best
    #2
    amorales
    Re: Blocking TLS 1.1 in firewall rules 2020/09/15 12:45:01
    Thank you very much, Markus. Concerning app control, I suppose that in this particular case full SSL inspection is not needed, right? I suppose not, but just for confirmation.
    post edited by amorales - 2020/09/15 12:48:18
    #3
    Markus
    Re: Blocking TLS 1.1 in firewall rules 2020/09/15 14:49:05
    Hi Arnaldo
    Yes, you're right. SSL deep inspection is not needed for the whole network service category.
    Only Cloud Applications require deep inspection.

    Best
    #4