Description:

The Voracle security vulnerability allows to draw conclusions regarding the complexity of the used password when using SSL VPN with active compression and certain circumstances are met. Therefore LANCOM Systems recommends to generally deactivate compression for SSL VPN connections.

This Knowledge Base article describes how to deactivate compression for SSL VPN connections on a Unified Firewall.

As of LCOS FX 10.6 Rel compression is deactivated by default. For LCOS FX as of version 10.6 Rel the compression therefore only has to be deactivated for existing installations.



Requirements:

  • LANCOM R&S®Unified Firewall with LCOS FX as of version 10.2
  • Already configured SSL VPN connection
  • Web browser for configuring the Unified Firewall.

    The following browsers are supported:
    • Google Chrome
    • Chromium
    • Mozilla Firefox


Procedure:

1) Connect to the Unified Firewall via a web browser and go to the menu VPN → VPN SSL → VPN SSL Settings.

2) Deactivate - if active - the option Compression for the used mode an click Save:

Please note, that Compression has to be deactivated on both Unified Firewalls when using the modes Site-to-Site and Bridging


Client-to-Site:



Site-to-Site:



Bridging:

All LANCOM products and software versions are subject to LANCOM Software Lifecycle Management.
You can find information on our website at https://www.lancom-systems.com/products/firmware/software-lifecycle-management

© 2019-2024 LANCOM Systems GmbH