Table of Contents:
Click Here to Show Entire Article
Checking the OpenSSL version
Products that are not vulnerable
The following product lines are not vulnerable (OpenSSL used in these products is not vulnerable):
- Security Gateway
- Security Management Server
- Multi-Domain Security Management Server
- Endpoint Security Management Server
- Endpoint Connect clients
- SSL Network Extender (SNX)
- 41000 / 61000 Data Center Security Appliances
- BlueCoat (legacy Crossbeam) X-Series
- 21000 Data Center Security Appliances
- 2000 / 4000 / 12000 / 13500 / 13800 Appliances
- Power-1 / UTM-1 / VSX-1 / DDoS / Smart-1 Appliances
- IP Series Appliances
- 600 appliances
- 1100 appliances
- Edge devices
- Safe@Office devices
Affected products
IPS protections
Check Point has issued the relevant IPS updates on April 09, 2014 and April 12, 2014:
Notes:
Description of IPS Protections:
-
-
-
TLS and DTLS Heartbeat Extension
Protection's description on Check Point advisory
How to locate this protection in SmartDashboard:
- SmartDashboard - go '
IPS
' tab - expand 'Protections
' - expand 'By Type
' - expand 'Application Controls
' - search for TLS and DTLS Heartbeat Extension
- SmartDashboard - go '
IPS
' tab - expand 'Protections
' - expand 'By Protocol
' - expand 'IPS Software Blade
' - expand 'Application Intelligence
' - expand 'VPN Protocols
' - click on 'SSL and TLS
' - find TLS and DTLS Heartbeat Extension
These protections can be configured to generate a log.
Show / Hide example of SmartView Tracker log
Product = IPS Software Blade
Type = Log
Service = https (443)
Protocol = tcp
Protection Name = OpenSSL TLS DTLS Heartbeat Information Disclosure
Attack = SSL Enforcement Violation
Attack Information = OpenSSL TLS DTLS Heartbeat Information Disclosure
CVE List = CVE-2014-0160 CVE-2014-0346
Protection Type = Signature
Protection ID = asm_dynamic_prop_AMSN20140408_01
Inductry Reference = CVE-2014-0160, CVE-2014-0346

HTTPS Inspection
By applying HTTPS Inspection, Check Point Security Gateway protects from SSL Zero-Day attacks such as "Heartbleed".
Refer to IPS Administration Guide (R75.20 , R75.40 , R75.40VS , R76 , R77) - Chapter 6 'Monitoring Traffic' - 'HTTPS Inspection'.
|
This solution is about products that are no longer supported and it will not be updated
|
Applies To: