paulc
Beginner

PCI compliance & SSL (pix 515e)

We need to meet PCI compliance.  However, my firewall fails because, according to the scan, it accepts SSL 2 ciphers. I talked to the company issuing compliance certificates and explained that all my internet-accessible servers meet guidelines.  But they're coming back and saying that their hands are tied.  Even if my firewall can't actually be connected to, it has to be compliant.

I can't see where to disable SSL 2.0.  Is that even possible with a 515E?

4 REPLIES 4
jilahbg
Beginner

Maybe slightly off-topic but... Do you use SSL at all in the firewall? If you don't use WebVPN (do you?) all there is left for use of SSL is for ASDM management. Maybe you can live without it by turning off the internal web-server?

No, we don't.  I do use the PDM once in a while.  Is it possible to switch it to port 80 instead of 443?

Well, if PCI compliance doesn't allow you to use SSL 2.0 it surely won't dance happily if you change to plain-text HTTP. Sorry. :-)

I guess turning the GUI off totally and managing your firewall over SSH doesn't suit you?

I don't know what they'd do if I switch to 80.  Nope, can't use SSH either; it fails on that, too. What irritates me is that you can only connect to it internally.

I've got an ASA at another site and it passes fine.  That's why I wonder if there isn't a way to disable SSL 2 on the 515E.
