RED PCI Compliance Changes
PCI Compliance will always fail on current UTMs using RED. This is due to being unable to disable SSL v3 on this as well as being unable to change the certificates used (currently weak, not using at least 2048-bit keys). Please fix!

9 comments
-
Anonymous commented
This is for port 3400
-
Alex commented
As a workaround you can do this through the console. There is a KB article I used and it worked for me.
https://community.sophos.com/kb/en-us/126989
-
Anthony Jeffries commented
We really need this! Even with the most recent update to UTM 9, we still don't pass our PCI scan. And if you're *not* going to patch this, at least provide clear documentation we can use to prove to Trustwave that this is a false positive.
-
Gary Farnham commented
Yes, please make a change so we can pass PCI without the need to continually request a false positive. If nothing else, publish the Remote Ethernet Device (RED) certificates only on the RED interface IP.
-
Anonymous commented
THIS IS A HUGE NEED! If this can't be corrected soon, Sophos is going to lose a LOT of business.
-
Terence Kent commented
This isn't a feature request, this is a bug report...
-
Aaron Waters commented
Some good points brought up at: http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/7078356-add-access-controls-for-red-listening-service
There needs to be a way to configure the listening properties for this service, since obviously there won't be a publicly signed cert option.
-
Anonymous commented
Sounds like a Need
-
Bryan commented
Also, TLS v1.0 is supported. This needs to be removed.