ATP 500 MacOS 10.15 Catalina SSL Inspection

aemf
aemf Posts: 6
First Anniversary Friend Collector First Comment
edited April 2021 in Security

MacOS 10.15 Catalina require a 2048bit certificate encryption.

NET::ERR_CERT_WEAK_KEY


In the last message of Emily for ATP 200 :



Have you a BETA test firmware for Zyxel ATP 500 ?

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,026  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @aemf

    The firmware for ATP 500 is sent to you in private message.

  • aemf
    aemf Posts: 6
    First Anniversary Friend Collector First Comment

    I test the BETA firmware V4.35(ABFU.1)ITS-WK46-r90773 since 24h, it's work with MacOSX Catalina 10.15 (2048 bits encryption), but it's very slow.

    The CPU used it's at more than 90% with only 20/30 users and 600 sessions.


    Is optimization possible ? Wait and see

  • lalaland
    lalaland Posts: 90  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer

    I can imagine that device issue/validate a certificate with RSA key 2048 bits would be slower than before base on same hardware platform.

    Maybe you can add well-knows https site into device exclude list. i believe that it would be helpful regarding to your case.

    BTW, If you type CLI "show cpu average", which one caused the high CPU usage?

  • aemf
    aemf Posts: 6
    First Anniversary Friend Collector First Comment

    Yes, i have in SSL Inspection whitelist the confiances websites with the most connections like Windows Update, office365 ...

    For the moment, i disable SSL Inspections for Catalina Mac IP.

  • Ceccus
    Ceccus Posts: 24  Freshman Member
    First Anniversary 10 Comments Friend Collector

    Hi,

    me too problem with ATP200.

    I currently use mac osx 10.14 (Mojave)

    A solution is needed.

    Regards

  • lalaland
    lalaland Posts: 90  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer

    MAC os 10.14 should not have issue. the limitation is on MAC OS 10.15.

    Here is the Apple announcement;

    https://support.apple.com/en-us/HT210176

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,026  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @Ceccus

    As lalaland mentioned, it should not happen on MacOS 10.14.

    However, if you are planning to upgrade to MacOS 10.15, the firmware upgrade will be needed. I’ll sent you the firmware in private message.

  • Ceccus
    Ceccus Posts: 24  Freshman Member
    First Anniversary 10 Comments Friend Collector

    Hi Jerry

    I downloaded the firmware and i will test with Mac OSX 10.14 and 10.15.

    Thanks

    Regards

    D.

Security Highlight