SonicOS 7.1 Firewall
Cipher Control
You can allow or block any or all TLS and SSH ciphers in SonicOS. This functionality applies to:
- DPI-SSL (TLS traffic inspected by the firewall)
- HTTPS MGMT (TLS sessions accessing the firewall)
- SSL Control (inspects TLS traffic passing through the firewall: non-DPI-SSL)
Any change to the TLS ciphers applies to all TLS traffic.
The Network > Firewall > Cipher Control page displays a list of known TLS ciphers. This list is a superset of the supported ciphers: it contains all known ciphers, while DPI-SSL and HTTPS MGMT each support a much smaller list. For example, DPI-SSL and HTTPS MGMT do not yet support TLS 1.3 ciphers, nor do they support some of the weak ciphers that are listed in Network > Firewall > Cipher Control.
The ciphers are ordered by security strength, with ciphers nearer the top more secure than those below them. Both the DPI-SSL and HTTPS MGMT implementations take the relative ordering of their supported ciphers from Network > Firewall > Cipher Control; that is, DPI-SSL orders the ciphers it supports in the same sequence in which they appear in Network > Firewall > Cipher Control. The same is true for HTTPS MGMT ciphers.
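The following is an added example, not SonicWall code, that models the relationship described above: each feature's usable cipher order is its supported subset of the master list, minus blocked entries, in master-list order. The master list contents, block states and per-feature support sets are constructed for illustration and are not the real SonicOS lists.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    name: str      # IANA cipher suite name
    blocked: bool  # allow/block state chosen on the Cipher Control page

# Constructed master list, strongest first, mirroring the page's ordering rule.
MASTER = [
    Entry("TLS_AES_256_GCM_SHA384", False),  # TLS 1.3 suite
    Entry("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", False),
    Entry("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", False),
    Entry("TLS_RSA_WITH_AES_128_CBC_SHA", True),
    Entry("TLS_RSA_WITH_3DES_EDE_CBC_SHA", True),
    Entry("TLS_RSA_WITH_RC4_128_MD5", True),
]

# Hypothetical per-feature support sets (assumption, not SonicWall's lists).
SUPPORTED = {
    "DPI-SSL": {
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
    },
    "HTTPS MGMT": {
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    },
}

def effective_order(master, supported):
    """Ciphers a feature can still use, kept in master-list order."""
    return [e.name for e in master if e.name in supported and not e.blocked]

def audit(master, features):
    """Per feature: usable order, plus entries whose state does not help it."""
    report = {}
    for feature, supported in features.items():
        report[feature] = {
            "effective": effective_order(master, supported),
            # Allowed in the list, but the feature cannot use them anyway.
            "allowed_but_unsupported": [e.name for e in master
                                        if not e.blocked and e.name not in supported],
            # Blocked entries that actually remove a cipher from this feature.
            "blocked_supported": [e.name for e in master
                                  if e.blocked and e.name in supported],
        }
    return report

if __name__ == "__main__":
    for feature, result in audit(MASTER, SUPPORTED).items():
        print(feature, result)
```

In this model, allowing a TLS 1.3 suite in the list changes nothing for a feature that does not support it, which is why the effective list, not the displayed list, is what to review after a change.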