Configure SSL protocol version used in SSL VPN by Check Point


With a lot of attention recently to the SSL protocol vulnerabilities browser vendors increase security of their SSL implementation almost daily. One of the recommendations is to use the most up to date SSL version available. Check Point for its SSL based VPNs (by the way it is the same configuration for Endpoint clients) like SNX SSL and Mobile Access can support SSL versions in the range SSLv3 up to TLS 1.2. So if your clients’ browsers support it you can force the specific SSL version for their connections. Warning: do NOT set minimal SSL version higher than TLS 1.0 because this would cause internal communication of applications of the Check Point itself to fail. You set the parameters here: SmartDashboard -> Global Properties -> SmartDashboard Customization- > Configure -> Portal Properties-> snx_ssl_max_ver and snx_ssl_min_ver

fig 1