If you use incontrol2 to build your vpn’s between devices, it does not allow you to turn off backwards comptability mode. This mode keeps TLS 1.0 enabled which is considered a major vulnerability and creates an automatic failure during a compliance scan.
This option to disable backwards compatability (for interop with v5 firmware) has been in the standalone version for quite a while. I am surprised that this is not available with incontrol2.
We will add the option to IC2 by the end of this week.
On the network level pepvpn management pages, you should now see an ‘advanced settings’ option.
Selecting this will allow you to disable backward compatibility for the pepvpn configurations of that network.
Let us know if you have any further issues/requests
James,
I am so used to manufacturer’s never listening to their customers that I was actually shocked when I saw this email. I am, and my customer(s) are super grateful for taken the time to listen and respond so quickly for something we needed.
Thank you,
Tim
Hi Tim,
Happy to help. We don’t implement every feature request, but we do consider each one.
Take care,
-James
Was about to request the same but I see its already taken care of, is so refreshing to have a vendor listening to its customers! 
Where is this setting? I cannot find it anywhere, and I am having some clients state they are failing PCI Compliance for this exact issue.
