When you run an internal network vulnerability test with different types of vulnerability scanners, the results often indicate that the Edge SWG (ProxySG) appliance Management Console on port 8082 supports a weak cipher suite and report this as a potential vulnerability.
Perform the following tasks to resolve the issue.
Task 1: Determine the keyring that the Management Console uses:
Task 2: Remove ciphers with Medium or Low strength from the keyring:
>enable
Enable Password: <password>
#conf t
Enter configuration commands, one per line. End with CTRL-Z.
#(config)management-services
#(config management-services)edit HTTPS-Console
#(config HTTPS-Console)attribute cipher-suite des-cbc3-sha des-cbc3-md5 aes256-sha
ok
After you apply these changes, any network vulnerability scanner will show the Management Console offering strong cipher suites with 256-bit encryption.
Note: Please make sure that you enable HTTP-Console before making this change. If your browser does not support the selected cipher-suites, you'll need the HTTP-Console to access the Edge SWG (ProxySG) Web Console. After the change to the cipher suites has been tested, you can disable the HTTP-Console.
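One way to confirm the result after the change is to rescan port 8082 and list every cipher the scanner still grades below its top rating. The following is an added example, not part of the original article or of any Broadcom tooling. It assumes the scanner is Nmap with its `ssl-enum-ciphers` script, and the sample output is constructed for illustration rather than captured from an appliance.

```python
import re

# Constructed sample of `nmap --script ssl-enum-ciphers -p 8082 <host>` output
# (illustrative only; not captured from a real Edge SWG appliance).
SAMPLE = """\
PORT     STATE SERVICE
8082/tcp open  blackice-alerts
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|_  least strength: C
"""

# A protocol header line such as "|   TLSv1.2:"
PROTO = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
# A cipher line such as "|       TLS_..._SHA (rsa 2048) - A"
CIPHER = re.compile(r"^\|\s+(TLS_\S+|SSL_\S+)\s.*-\s([A-F])\s*$")

def weak_ciphers(nmap_output, min_grade="A"):
    """Return (protocol, cipher, grade) for each cipher graded worse than min_grade."""
    findings, proto = [], None
    for line in nmap_output.splitlines():
        m = PROTO.match(line)
        if m:
            proto = m.group(1)  # remember which protocol block we are in
            continue
        m = CIPHER.match(line)
        if m and m.group(2) > min_grade:  # grades sort A (best) to F (worst)
            findings.append((proto, m.group(1), m.group(2)))
    return findings

def least_strength(nmap_output):
    """Return the scanner's overall 'least strength' grade, or None if absent."""
    m = re.search(r"least strength:\s*([A-F])", nmap_output)
    return m.group(1) if m else None

if __name__ == "__main__":
    for proto, cipher, grade in weak_ciphers(SAMPLE):
        print(f"{proto}: {cipher} graded {grade}")
```

An empty list from `weak_ciphers` on a fresh scan means the scanner no longer sees any cipher below the chosen grade on the Management Console port.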