SSLVPN Firebox Webserver Ciphers - PCI Compliance
IN the recent months, while performing PCI DSS scans against the public addresses hosted by our Firebox, it has now been determined that the ciphers used on the Firebox Webserver are unsecure and weak, causing failed reports for PCI.
Anyone else having this issue? After working through multiple tech support engineers at WG, they have told me that the ability to change ciphers in in a future release, and then the next tech told me that there are NO plans for this and basically I am SOL if I am using SSLVNP as they have no plans to update it.
How is this possible coming from a company that has a product designed around security?
Is anyone else using WG and have PCI DSS compliance?
Has anyone else done their quarterly scans and found this issue?
I feel that support at WG is slowly going downhill. Which is very unfortunate as we were planning to role out some larger Firebox appliances, however this might put a halt on that...