ZyWALL USG 300 and TLS 1.2

Options
link000
link000 Posts: 39  Freshman Member
First Anniversary 10 Comments Friend Collector
edited April 2021 in Security

Hello. I'm using ZyWALL USG 300.

Firmware Version: 3.30 (AQE.7) ITS-WK09-r59684 / 1.12 / 2015-03-17 00:17:38.

Is it possible to enable TLS 1.2 protocol support in the device?

Thanks.

«13

Comments

  • link000
    link000 Posts: 39  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    Hi, mMontana.

    ZyWALL USG 300:

    Router> show ip http server secure status

    active              : yes

    port                : 443

    certificate         : zywall-usg-300

    force redirect      : yes

    authentication client: no

    anti beast attack   : no

    strong cipher suite : no

    cipher suite        : aes 3des des rc4

    sslv3 support       : no


    For example, USG20W-VPN:

    Router> show ip http server secure status

    active              : yes

    port                : 443

    certificate         : myrouter.zyxel-usg

    force redirect      : yes

    authentication client: no

    strong cipher suite : no

    cipher suite        : aes 3des des rc4

    ssl protocol        : tls1.2 tls1.1 tls1.0

  • jasailafan
    jasailafan Posts: 191  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Zywall usg 300 is quite an old model. It doesn't seem to support TLS 1.2.

  • mMontana
    mMontana Posts: 1,300  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    @jasailafan which device produced that output?

  • jasailafan
    jasailafan Posts: 191  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    @mMontana

    It is Zywall usg 300 in firmware 3.30(AQE.7).

    Strong cipher suite is enabled.

  • link000
    link000 Posts: 39  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    @jasailafan, @mMontana thanks. I would also like to hear the answer from Zyxel officials.

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @link000,

    You need to upgrade ZyWALL USG 300 to the latest date firmware 3.30(AQE.7)ITS-WK48-r74988 for TLS 1.2 support.

    The firmware is sent to you in private message.

     

    Disable SSLv3 and TLS 1.0 using commands.

    Router> configure terminal

    Router(config)# no ip http secure-server sslv3

    Router(config)# no ip http secure-server tlsv10

  • link000
    link000 Posts: 39  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    @Zyxel_Emily , thank you very much!

  • link000
    link000 Posts: 39  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    Everything works perfectly.

    Thanks to everyone.

  • StouAdmin
    StouAdmin Posts: 15  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    @Zyxel_Emily

    Hi, is it possible to receive that firmware too for the USG300?

    Im also looking to enable tls1.2 but the firmware i'm using is

    ZyXEL Communications Corp.

    model          : ZyWALL USG 300

    firmware version: 3.30(AQE.7)

    BM version     : 1.13

    build date     : 2015-01-13 16:31:42

    active              : yes

    port                : 443

    certificate         : Fiber

    force redirect      : yes

    authentication client: no

    anti beast attack   : no

    strong cipher suite : yes

    cipher suite        : aes 3des des rc4

    sslv3 support       : no

Security Highlight