
PCI compliance & SSL (pix 515e)

paulc
Level 1

We need to meet PCI compliance. However, my firewall fails because, according to the scan, it accepts SSL 2 ciphers. I talked to the company issuing compliance certificates and explained that all my internet-accessible servers meet guidelines. But they're coming back and saying that their hands are tied. Even if my firewall can't actually be connected to, it has to be compliant.

I can't see where to disable SSL 2.0. Is that even possible with a 515E?

4 Replies

jilahbg
Level 1

Maybe slightly off-topic but... Do you use SSL at all in the firewall? If you don't use WebVPN (do you?), all there is left for use of SSL is for ASDM management. Maybe you can live without it by turning off the internal web server?

No, we don't. I do use the PDM once in a while. Is it possible to switch it to port 80 instead of 443?

Well, if PCI compliance doesn't allow you to use SSL 2.0, it surely won't dance happily if you change to plain-text HTTP. Sorry. :-)

I guess turning the GUI off totally and managing your firewall over SSH doesn't suit you?

I don't know what they'd do if I switch to 80. Nope, can't use SSH either; it fails on that, too. What irritates me is that you can only connect to it internally.

I've got an ASA at another site and it passes fine. That's why I wonder if there isn't a way to disable SSL 2 on the 515E.
