RED PCI Compliance Changes
PCI Compliance will always fail on current UTMs using RED. This is due to being unable to disable SSL v3 on this as well as being unable to change the certificates used (currently weak, not using at least 2048 bit keys). Please fix!
Bryan
shared this idea
9 comments
-
Anonymous
commented
This is for port 3400
-
Alex
commented
As a workaround you can do this through the console. There is a KB article I used and it worked for me.
https://community.sophos.com/kb/en-us/126989 -
Anthony Jeffries
commented
We really need this! Even with the most recent update to UTM 9, we still don't pass our PCI scan. And if you're *not* going to patch this, at least provide clear documentation we can use to prove to Trustwave that this is a false positive.
-
Gary Farnham
commented
Yes please make change so we can pass PCI without need to continually request false positive If nothing else publish the Remote Ethernet Device (RED) certificates only on the RED interface IP.
-
Anonymous
commented
THIS IS A HUGE NEED! If this cant be corrected soon sophos is going to loose a LOT of business.
-
Terence Kent
commented
This isn't a feature request, this is a bug report...
-
Aaron Waters
commented
Some good points brought up at: http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/7078356-add-access-controls-for-red-listening-service
There needs to be a way to configure the listening properties for this service, since obviously there won't be a publicly signed cert option.
-
Anonymous
commented
Sounds like a Need
-
Bryan
commented
Also, TLS v1.0 is supported. This needs to be removed.
