ATP 500 MacOS 10.15 Catalina SSL Inspection

aemf
aemf Posts: 6  Freshman Member
First Comment Friend Collector Fourth Anniversary
edited April 2021 in Security

MacOS 10.15 Catalina require a 2048bit certificate encryption.

NET::ERR_CERT_WEAK_KEY


In the last message of Emily for ATP 200 :



Have you a BETA test firmware for Zyxel ATP 500 ?

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,298  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @aemf

    The firmware for ATP 500 is sent to you in private message.

  • aemf
    aemf Posts: 6  Freshman Member
    First Comment Friend Collector Fourth Anniversary

    I test the BETA firmware V4.35(ABFU.1)ITS-WK46-r90773 since 24h, it's work with MacOSX Catalina 10.15 (2048 bits encryption), but it's very slow.

    The CPU used it's at more than 90% with only 20/30 users and 600 sessions.


    Is optimization possible ? Wait and see

  • lalaland
    lalaland Posts: 91  Ally Member
    First Answer First Comment Friend Collector Sixth Anniversary

    I can imagine that device issue/validate a certificate with RSA key 2048 bits would be slower than before base on same hardware platform.

    Maybe you can add well-knows https site into device exclude list. i believe that it would be helpful regarding to your case.

    BTW, If you type CLI "show cpu average", which one caused the high CPU usage?

  • aemf
    aemf Posts: 6  Freshman Member
    First Comment Friend Collector Fourth Anniversary

    Yes, i have in SSL Inspection whitelist the confiances websites with the most connections like Windows Update, office365 ...

    For the moment, i disable SSL Inspections for Catalina Mac IP.

  • Ceccus
    Ceccus Posts: 30  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    Hi,

    me too problem with ATP200.

    I currently use mac osx 10.14 (Mojave)

    A solution is needed.

    Regards

  • lalaland
    lalaland Posts: 91  Ally Member
    First Answer First Comment Friend Collector Sixth Anniversary

    MAC os 10.14 should not have issue. the limitation is on MAC OS 10.15.

    Here is the Apple announcement;

    https://support.apple.com/en-us/HT210176

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,298  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @Ceccus

    As lalaland mentioned, it should not happen on MacOS 10.14.

    However, if you are planning to upgrade to MacOS 10.15, the firmware upgrade will be needed. I’ll sent you the firmware in private message.

  • Ceccus
    Ceccus Posts: 30  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    Hi Jerry

    I downloaded the firmware and i will test with Mac OSX 10.14 and 10.15.

    Thanks

    Regards

    D.

Security Highlight