Deactivating compression for SSL VPN connections on a LANCOM R&S®Unified Firewall

Description:

The Voracle security vulnerability allows to draw conclusions regarding the complexity of the used password when using SSL VPN with active compression and certain circumstances are met. Therefore LANCOM Systems recommends to generally deactivate compression for SSL VPN connections.

This Knowledge Base article describes how to deactivate compression for SSL VPN connections on a Unified Firewall.

Requirements:

• LANCOM R&S®Unified Firewall with LCOS FX as of version 10.2
• Already configured SSL VPN connection
• Web browser for configuring the Unified Firewall.
  
  The following browsers are supported:
  • Google Chrome
  • Chromium
  • Mozilla Firefox

Procedure:

1) Connect to the Unified Firewall via a web browser and go to the menu VPN → VPN SSL → VPN SSL Settings.

A screenshot of a technical dashboard displaying various network and security settings, including Firewall, IPsec, SSL Settings, and User Authentication options.

2) Deactivate - if active - the option Compression for the used mode an click Save:

Client-to-Site:

A screenshot of a VPN SSL settings interface showing options for host certificate, users, routes, protocol, and other configuration settings, with notifications on modifications preservation and reset options.

Site-to-Site:

This image displays a technical settings interface for configuring SSL VPN, highlighting options such as host certificate details, user settings, routes, timeout settings, protocol settings, and encryption algorithms including AES.

Bridging:

Image showing a VPN SSL settings view interface with various configuration options including host certificate, SSL VPN users, IC routes, protocol settings, port details, and encryption algorithm selections, with notices on preservation of changes until reset or logout.