Disabling weak ciphers for IPSec VPN?
The equipment in question is an NSA E5500 running the latest firmware and thus far there seems to be no way to disable the use of weak ciphers for an IPSec VPN connection. This is causing a bit of trouble, because it appears to allow MD5, SHA1, and 3DES methods to continue being advertised as available as well as allow VPN connections using these mechanisms no matter how the settings for WAN GroupVPN policies are configured.
Is there any way to actually disable these methods so that we can finally make 100% PCI compliance?
(To those who are about to guess, it's apparently not the Cipher Control page)
Best Answer
shiprasahu93 Moderator
Hello @proberts,
Please try to disable the following option under WANGroup VPN settings and then test it out.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
5
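One way to carry out the "test it out" step above, as an added example that is not part of the original thread: it reads the transforms a gateway accepted from saved IKE handshake results and flags the algorithms the question names (MD5, SHA1, 3DES). The ike-scan-style line format and the sample lines are assumptions constructed for illustration; the function names are hypothetical.

```python
import re

# Algorithms the thread names as weak, keyed by the SA attribute they appear in.
WEAK = {"Enc": {"3DES"}, "Hash": {"MD5", "SHA1"}}
SA_RE = re.compile(r"\bSA=\(([^)]*)\)")

# Constructed sample (assumed ike-scan-style output, documentation address).
SAMPLE = """\
192.0.2.10\tMain Mode Handshake returned HDR=(CKY-R=0011223344556677) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
192.0.2.10\tMain Mode Handshake returned HDR=(CKY-R=8899aabbccddeeff) SA=(Enc=AES KeyLength=256 Hash=SHA2-256 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration=28800)
192.0.2.10\tNotify message 14 (NO-PROPOSAL-CHOSEN) HDR=(CKY-R=0123456789abcdef)
"""

def parse_sa(line):
    """Return the accepted transform as a dict, or None if no SA was returned."""
    match = SA_RE.search(line)
    if not match:
        return None  # e.g. NO-PROPOSAL-CHOSEN: the gateway rejected the offer
    attrs = {}
    for field in match.group(1).split():
        key, _, value = field.partition("=")
        attrs[key] = value
    return attrs

def weak_findings(line):
    """List the weak algorithms present in the transform accepted on this line."""
    sa = parse_sa(line)
    if sa is None:
        return []
    return sorted(f"{k}={sa[k]}" for k in WEAK if sa.get(k, "").upper() in WEAK[k])

def audit(lines):
    """Map each responding gateway to the weak algorithms it accepted."""
    report = {}
    for line in lines:
        fields = line.split()
        found = weak_findings(line)
        if fields and found:
            report.setdefault(fields[0], set()).update(found)
    return {host: sorted(algs) for host, algs in report.items()}

if __name__ == "__main__":
    for host, algs in audit(SAMPLE.splitlines()).items():
        print(f"{host}: still accepts {', '.join(algs)}")
```

An empty result from `audit` after the setting change means none of the recorded handshakes was accepted with a flagged algorithm.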
Answers
That does work, but it brings into question why "multiple proposals" should somehow mean "weak ciphers that should have been abandoned some time ago".
Hello @proberts,
That option is to basically provide backward compatibility with older GVC clients if any.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Hi @proberts,
You can disable the cipher suites in SonicWall if it's not suitable in your production environment. For that, navigate to Firewall Settings --> Cipher Control.