
Disable DH768 (MODP768), Diffie-Hellman Key Exchange

Hi, 

I would like to disable the following weak IPSEC encryption DH768.

Are there any issues with disabling this intraday? We are operating under COVID restrictions, and the firewall is managing all our remote user connectivity.

The setup is highly available in a master/slave configuration. What is the process involved in making this change?

Thank you.



This thread was automatically locked due to age.
  • FormerMember

    Hi @Ro By,

    Thank you for reaching out to the Community! 

    Did you configure the IPsec policy with DH group 768 that is currently being used by an active IPsec connection? Did the network scan detect this DH group?

    Please provide some more information. 

    Thanks,

  • Hi, yes, a Qualys network scan detected this being used.

  • FormerMember in reply to Ro By

    Hi,

    Thank you for the update. 

    If the external scan has detected this, you probably have the policy in use with an IPsec connection that needs to be updated. 

    Please check the configured IPsec policies and find the one with DH group 768 and update it. 

    Thanks,

  • Can you show us the IPSEC policy used?

    Do you use IPSEC for RAS and/or S2S VPN?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
