ZyWALL USG 300 and TLS 1.2

link000 Posts: 39  Freshman Member
edited April 2021 in Security

Hello. I'm using ZyWALL USG 300.

Firmware Version: 3.30 (AQE.7) ITS-WK09-r59684 / 1.12 / 2015-03-17 00:17:38.

Is it possible to enable TLS 1.2 protocol support in the device?

Thanks.


Comments

  • link000
    link000 Posts: 39  Freshman Member

    Hi, mMontana.

    ZyWALL USG 300:

    Router> show ip http server secure status
    active              : yes
    port                : 443
    certificate         : zywall-usg-300
    force redirect      : yes
    authentication client: no
    anti beast attack   : no
    strong cipher suite : no
    cipher suite        : aes 3des des rc4
    sslv3 support       : no


    For example, USG20W-VPN:

    Router> show ip http server secure status
    active              : yes
    port                : 443
    certificate         : myrouter.zyxel-usg
    force redirect      : yes
    authentication client: no
    strong cipher suite : no
    cipher suite        : aes 3des des rc4
    ssl protocol        : tls1.2 tls1.1 tls1.0

  • jasailafan
    jasailafan Posts: 191  Master Member

    ZyWALL USG 300 is quite an old model. It doesn't seem to support TLS 1.2.

  • mMontana
    mMontana Posts: 1,302  Guru Member

    @jasailafan which device produced that output?

  • jasailafan
    jasailafan Posts: 191  Master Member

    @mMontana

    It is ZyWALL USG 300 on firmware 3.30(AQE.7).

    Strong cipher suite is enabled.

  • link000
    link000 Posts: 39  Freshman Member

    @jasailafan, @mMontana thanks. I would also like to hear the answer from Zyxel officials.

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee

    Hi @link000,

    You need to upgrade ZyWALL USG 300 to the latest-dated firmware 3.30(AQE.7)ITS-WK48-r74988 for TLS 1.2 support.

    The firmware is sent to you in a private message.

    Disable SSLv3 and TLS 1.0 using these commands:

    Router> configure terminal
    Router(config)# no ip http secure-server sslv3
    Router(config)# no ip http secure-server tlsv10
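
A way to check the `show ip http server secure status` output quoted in this thread before and after a change like the one above, as an added example that is not part of any post and is not Zyxel tooling. The field names come from the outputs quoted in the thread; the finding rules and the `HARDENED` sample are assumptions made for illustration.

```python
import re

WEAK_CIPHERS = {"rc4", "des", "3des"}          # broken or 64-bit-block ciphers
OLD_PROTOCOLS = {"sslv3", "tls1.0", "tls1.1"}  # deprecated protocol versions
# Abridged from the USG 300 and USG20W-VPN outputs quoted in the thread.
USG300 = """strong cipher suite : no
cipher suite        : aes 3des des rc4
sslv3 support       : no"""
USG20W = """strong cipher suite : no
cipher suite        : aes 3des des rc4
ssl protocol        : tls1.2 tls1.1 tls1.0"""
# Constructed sample (assumed, not from the thread): a hardened unit.
HARDENED = """strong cipher suite : yes
cipher suite        : aes
ssl protocol        : tls1.2"""

def parse_status(text):
    """Turn 'key : value' lines of the status output into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2).lower()
    return fields

def audit(text):
    """Return findings for the HTTPS management service settings."""
    f = parse_status(text)
    findings = []
    weak = WEAK_CIPHERS & set(f.get("cipher suite", "").split())
    if weak:
        findings.append("weak ciphers listed: " + " ".join(sorted(weak)))
    if f.get("strong cipher suite") == "no":
        findings.append("strong cipher suite disabled")
    protocols = set(f.get("ssl protocol", "").split())
    if f.get("sslv3 support") == "yes":
        protocols.add("sslv3")
    old = OLD_PROTOCOLS & protocols
    if old:
        findings.append("deprecated protocols enabled: " + " ".join(sorted(old)))
    if "ssl protocol" not in f:
        findings.append("no 'ssl protocol' line: TLS 1.2 support not shown")
    elif "tls1.2" not in protocols:
        findings.append("tls1.2 not enabled")
    return findings

if __name__ == "__main__":
    for name in ("USG300", "USG20W", "HARDENED"):
        print(name, audit(globals()[name]) or "no findings")
```

The status output only reports configuration, so a TLS handshake test against port 443 from a client is still the way to confirm which protocol versions the device actually accepts.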

  • link000
    link000 Posts: 39  Freshman Member

    @Zyxel_Emily, thank you very much!

  • link000
    link000 Posts: 39  Freshman Member

    Everything works perfectly.

    Thanks to everyone.

  • StouAdmin
    StouAdmin Posts: 15  Freshman Member

    @Zyxel_Emily

    Hi, is it possible to receive that firmware too for the USG300?

    I'm also looking to enable TLS 1.2, but the firmware I'm using is

    ZyXEL Communications Corp.
    model          : ZyWALL USG 300
    firmware version: 3.30(AQE.7)
    BM version     : 1.13
    build date     : 2015-01-13 16:31:42

    active              : yes
    port                : 443
    certificate         : Fiber
    force redirect      : yes
    authentication client: no
    anti beast attack   : no
    strong cipher suite : yes
    cipher suite        : aes 3des des rc4
    sslv3 support       : no
