We have an FPR1010 device with an FTD image, managed by FDM.
A risk was found in the VPN service (outside interface, port 443): it is using commonly used Diffie-Hellman primes for SSL key exchange. How can I change those DH primes?
The server is using a common or default prime number as a parameter during the Diffie-Hellman key exchange. This makes the secure session vulnerable to a precomputation attack. An attacker can spend a significant amount of time to generate a lookup/rainbow table for a particular prime number. This lookup table can then be used to obtain the shared secret for the handshake and decrypt the session.
You will need to upgrade to FDM 7.0, which now supports changing SSL cipher settings for remote access VPN.
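For anyone who wants to confirm the finding before and after the change, here is an added example (not from the original posts and not Cisco code) of the check behind it: it reads the DH parameters a server sends in a TLS ServerKeyExchange body and flags a prime that is a published shared group or is short. The function names, the one-entry prime list and the 2048-bit threshold are assumptions made for illustration, and the sample message is constructed.

```python
import struct

# RFC 2409 Oakley Group 2 (1024-bit MODP) prime, a widely shared default.
OAKLEY_GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
# Illustrative list only; a real check would carry more published groups.
KNOWN_PRIMES = {OAKLEY_GROUP2_P: "RFC 2409 Oakley Group 2 (1024-bit MODP)"}

def parse_server_dh_params(body: bytes):
    """Parse ServerDHParams (RFC 5246, 7.4.3): dh_p, dh_g, dh_Ys, each with
    a 2-byte big-endian length. Trailing bytes (the signature) are ignored."""
    values, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad {name} length {n}")
        values.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return tuple(values)

def assess_dh_prime(p: int, min_bits: int = 2048):
    """Return findings for a prime; min_bits is an assumed policy value."""
    findings = []
    if p in KNOWN_PRIMES:
        findings.append("shared prime: " + KNOWN_PRIMES[p])
    if p.bit_length() < min_bits:
        findings.append(f"{p.bit_length()}-bit prime is below {min_bits} bits")
    return findings

def _encode(*ints):
    """Build a constructed ServerDHParams body from integers."""
    out = b""
    for v in ints:
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

# Constructed sample: group 2 prime, generator 2, dummy public value.
SAMPLE_BODY = _encode(OAKLEY_GROUP2_P, 2, 0x1234)

if __name__ == "__main__":
    p, g, ys = parse_server_dh_params(SAMPLE_BODY)
    for finding in assess_dh_prime(p):
        print(finding)
```
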