Hi all, A customer's site with VPN-1 NG R55 HFA_16 was scanned by an external company.
They reported me, that this site supports DES and DH group 1 (768 bit) as a proposal in the IKE protocol. Of course, we do not use DES and DH group 1 for any VPN. I verified the firewall object and in fact, there is support for DES checked in traditional mode configuration in the VPN tab but only DH group 2 in the advanced properties section. I suppose, if I uncheck DES, it will be no longer supported, but DH group 1 is already unchecked? Is there another way to switch off these unsecure features? Thanks, in advance. Robert ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
