10-31-2023 03:20 AM
Hello,
I've been asked to upgrade an FTD 2130 appliance from version 7.1.0.1 to 7.2.5.
Before starting the upgrade, I did a deploy and received this warning for some of the IKEv1 L2L tunnels that are configured.
"DH Groups 5 is considered insecure and are deprecated in Firewall Threat Defense running 6.7 and will be removed in a later version"
It's the "will be removed in a later version" part that's worried me a little bit. I couldn't find anything in the release notes for 7.2 that says support for DH5 has been removed, but does anyone know in which version of FTD it will be removed?
Thanks
/Chess
10-31-2023 03:32 AM
https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/release-notes/threat-defense/720/threat-defense-release-notes-72/features.html the 7.2 release notes do not indicate DH group 5 is completely removed from IKEv1.
"Diffie-Hellman GROUP 5 is deprecated for IKEv1 and removed for IKEv2, as per the 7.20 guide" - https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/720/management-center-device-config-72/vpn-s2s.html so you should be ok for IKEv1 tunnels on 7.2...but any future upgrade would likely cause a problem.
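A pre-upgrade check for the situation described above, as an added example that is not part of the thread and not Cisco tooling: it scans saved IKE policy configuration for DH group 5 and reports the status the answer gives for 7.2 (deprecated for IKEv1, removed for IKEv2). It assumes the ASA-style `crypto ikev1 policy` / `crypto ikev2 policy` text layout; the function name `find_group5` and the sample config are constructed for illustration.

```python
import re

# Status of DH group 5 per IKE version, as stated in the answer above for FTD 7.2.
GROUP5_STATUS = {"ikev1": "deprecated", "ikev2": "removed"}

POLICY_RE = re.compile(r"^crypto (ikev1|ikev2) policy (\d+)\s*$")
GROUP_RE = re.compile(r"^\s+group\s+([\d\s]+)$")  # IKEv2 may list several groups

def find_group5(config_text):
    """Return [(ike_version, policy_number, status)] for each policy using DH group 5."""
    findings = []
    current = None
    for line in config_text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            current = (m.group(1), int(m.group(2)))
            continue
        if not line.startswith(" "):
            current = None  # an unindented line ends the policy block
            continue
        g = GROUP_RE.match(line)
        if current and g and "5" in g.group(1).split():
            findings.append((current[0], current[1], GROUP5_STATUS[current[0]]))
    return findings

# Constructed sample config (assumed ASA-style layout, not taken from a real device).
SAMPLE = """\
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ikev1 policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ikev2 policy 1
 encryption aes-256
 integrity sha256
 group 14 5
 prf sha256
 lifetime seconds 86400
"""

if __name__ == "__main__":
    for version, number, status in find_group5(SAMPLE):
        print(f"{version} policy {number}: DH group 5 is {status} in 7.2")
```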
10-31-2023 03:52 AM
Thanks, that's good to know.
I have informed the customer about the importance of changing the weak DH groups as soon as possible, so hopefully they will listen and fix it.
Thanks
/Chess