I have a security advisory from my companies ISO department that says we need to turn off SSL RC4 cipher encryption for our SA-4500s. It's recommended to use AES encryption. When I click Configuration -> Security and I get the SSL Options tab, the Allowed Encryption Strength is Accept only 128-bit and greater for SSL. Seems to be a few options, but they are all SSL options.
However, if I got to Resource Policies -> VPN Tunneling -> Connections Profiles, all of the profiles under their connection settings us using Transport ESP and the encryption is set for AES128/SHA1.
I'm confused as to what is then using the SSL Options under the Configuration vs the AES under the connection profiles. Is there a way I can turn off the use of SSL encryption?
No, it is not possible to disable the use of SSL to the appliance. At System>Configuration>Security>SSL, can you set the encryption strength to custom and choose not RC4? The connection profile configuration is specifically, and only, for the VPN tunneling element and how the data channel is established.