02-11-2010 11:12 AM - edited 03-11-2019 10:08 AM
We need to meet PCI compliance. However, my firewall fails because, according to the scan, it accepts SSL 2 ciphers. I talked to the company issuing compliance certificates and explained that all my internet-accessible servers meet guidelines. But they're coming back and saying that their hands are tied. Even if my firewall can't actually be connected to, it has to be compliant.
I can't see where to disable SSL 2.0. Is that even possible with a 515E?
02-11-2010 01:00 PM
Maybe slightly off-topic but... Do you use SSL at all in the firewall? If you don't use WebVPN (do you?) all there is left for use of SSL is for ASDM management. Maybe you can live without it by turning off the internal web server?
02-11-2010 01:05 PM
No, we don't. I do use the PDM once in a while. Is it possible to switch it to port 80 instead of 443?
02-11-2010 01:07 PM
Well, if PCI compliance doesn't allow you to use SSL 2.0 it surely won't dance happily if you change to plain-text HTTP. Sorry. :-)
I guess turning the GUI off totally and managing your firewall over SSH doesn't suit you?
02-11-2010 01:13 PM
I don't know what they'd do if I switch to 80. Nope, can't use SSH either; it fails on that, too. What irritates me is that you can only connect to it internally.
I've got an ASA at another site and it passes fine. That's why I wonder if there isn't a way to disable SSL 2 on the 515E.
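Before arguing with the scanning vendor, it helps to confirm from the inside what the device's management port actually negotiates, since the scanner's "accepts SSL 2 ciphers" finding comes from exactly this kind of handshake. The script below is an added example, not code from any post in this thread and not a Cisco tool: it sends a minimal SSL 2.0 ClientHello (version 0x0002 only, all seven SSLv2 cipher kinds) and classifies the reply as an SSLv2 ServerHello, an SSLv2 ERROR, or something else (a TLS alert, for instance). The two sample replies at the bottom are constructed for the self-check and were not captured from any PIX or ASA; the host and port you probe are your own.

```python
"""
Probe a TLS endpoint for SSL 2.0 support by sending a minimal SSLv2 ClientHello
and parsing the first reply. Added example, not from the thread above and not a
Cisco tool. Record and message layout follow the SSL 2.0 draft (Hickman, 1995).
"""
import socket
import struct

SSLV2_VERSION = 0x0002
MSG_ERROR = 0x00
MSG_CLIENT_HELLO = 0x01
MSG_SERVER_HELLO = 0x04

# The seven cipher kinds defined by SSL 2.0, 3 bytes each.
SSLV2_CIPHER_NAMES = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}


def build_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """SSLv2 ClientHello offering every SSLv2 cipher kind and version 0x0002 only."""
    ciphers = b"".join(SSLV2_CIPHER_NAMES)
    body = struct.pack("!BHHHH", MSG_CLIENT_HELLO, SSLV2_VERSION,
                       len(ciphers), 0, len(challenge))  # no session id
    body += ciphers + challenge
    # 2-byte record header: high bit set means "no padding byte", 15-bit length.
    return struct.pack("!H", 0x8000 | len(body)) + body


def parse_response(data: bytes):
    """Classify the server's first bytes.

    ("sslv2", [cipher names])  -> SSLv2 ServerHello: the endpoint speaks SSL 2.0
    ("sslv2-error", code)      -> SSLv2 ERROR message (still an SSLv2 speaker)
    ("not-sslv2", first byte)  -> anything else, e.g. a TLS alert or a closed socket
    """
    if len(data) < 3:
        return ("not-sslv2", None)
    hdr = struct.unpack("!H", data[:2])[0]
    if not hdr & 0x8000:
        # TLS records start 0x15 (alert) / 0x16 (handshake); high bit is clear.
        return ("not-sslv2", data[0])
    body = data[2:2 + (hdr & 0x7FFF)]
    if len(body) >= 3 and body[0] == MSG_ERROR:
        return ("sslv2-error", struct.unpack("!H", body[1:3])[0])
    if len(body) < 11 or body[0] != MSG_SERVER_HELLO:
        return ("not-sslv2", data[0])
    # ServerHello: type(1) session_id_hit(1) cert_type(1) version(2)
    #              cert_len(2) cipher_specs_len(2) conn_id_len(2) ...
    version, cert_len, cipher_len, _conn_len = struct.unpack("!HHHH", body[3:11])
    if version != SSLV2_VERSION:
        return ("not-sslv2", data[0])
    specs = body[11 + cert_len: 11 + cert_len + cipher_len]
    names = [SSLV2_CIPHER_NAMES.get(specs[i:i + 3], specs[i:i + 3].hex())
             for i in range(0, len(specs) - len(specs) % 3, 3)]
    return ("sslv2", names)


def probe(host: str, port: int = 443, timeout: float = 5.0):
    """Connect to your own device, send the ClientHello, classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        try:
            data = s.recv(4096)
        except socket.timeout:
            data = b""
    return parse_response(data)


# Constructed sample replies for the self-check (not captured from any real device):
# an SSLv2 ServerHello with a 2-byte dummy certificate, two cipher kinds and a
# 16-byte connection id, and a TLS 1.0 fatal protocol_version alert.
_SH_BODY = (bytes([MSG_SERVER_HELLO, 0x00, 0x01])
            + struct.pack("!HHHH", SSLV2_VERSION, 2, 6, 16)
            + b"\x30\x00" + b"\x01\x00\x80" + b"\x07\x00\xc0" + b"\x00" * 16)
SAMPLE_SSLV2_SERVER_HELLO = struct.pack("!H", 0x8000 | len(_SH_BODY)) + _SH_BODY
SAMPLE_TLS_ALERT = b"\x15\x03\x01\x00\x02\x02\x46"

if __name__ == "__main__":
    import sys
    print(parse_response(SAMPLE_SSLV2_SERVER_HELLO))
    print(parse_response(SAMPLE_TLS_ALERT))
    if len(sys.argv) > 1:  # usage: python sslv2_probe.py <your-firewall-ip> [port]
        print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

Run it from the same internal segment the management interface is reachable from: a ("sslv2", [...]) result reproduces the scanner's finding and lists the cipher kinds the device would accept, while ("not-sslv2", 0x15) means the endpoint rejected the SSLv2 hello with a TLS alert, which is the behaviour the ASA at the other site presumably shows.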