For CVE-2022-38023, Microsoft has published the following KB article.
Microsoft KB: KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023 - Microsoft Support
The change is scheduled for 11 April 2023, but can be extended to 11 July 2023.
What we're seeing is that ProxySG currently uses RC4 for RPC calls through Netlogon with the DC, which generates this event:
Source: NETLOGON
EventID: 5840
The Netlogon service created a secure channel with a client with RC4.
Account Name: XXXXXBLUECOAT02$
Domain: xxxxxxxxxx.com.
Account Type: Domain Member
Client IP Address:
Negotiated Flags: 6007ffff
For more information about why this was logged, please visit https://go.microsoft.com/fwlink/?linkid=2209514.
Customers would like to make sure that nothing stops working on the aforementioned date.
Question: Does Broadcom have any official support/guidance as to how to make sure that RC4 ciphers are disabled everywhere on ProxySGs?
CVE-2022-38023 does not affect ProxySG, as it already uses RPC sealing instead of RPC signing for RPC calls through Netlogon with the DC.
Following rigorous internal testing, it has been verified that RPC seal registry value 2 (Enforcement Mode) does not cause problems with ProxySG/ASG when using Kerberos authentication.
We verified on Windows Server 2019 that implementing strict enforcement value 2 does not cause issues. ProxySG/ASG is able to authenticate Kerberos tickets with RPC seal.
NTLM works well too; no issues were seen with strict RPC seal.
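To see which accounts are behind event 5840 before enforcement, the records can be summarised per account and their Negotiated Flags decoded. This is an added example, not Broadcom or Microsoft code. It assumes the events were exported as blank-line-separated text; the LEGACYNAS01$ record is constructed, and the flag bits are the MS-NRPC negotiable options with names chosen for this example.

```python
import re
from collections import Counter

# Netlogon negotiable-option bits from MS-NRPC; the Python names are this example's own.
NEG_FLAGS = {
    "strong_keys": 0x00004000,  # 128-bit session key
    "aes_sha2":    0x01000000,  # AES secure channel; not set when RC4 is negotiated
    "secure_rpc":  0x40000000,  # authenticated (secure) RPC
}

FIELD = re.compile(r"^\s*(EventID|Account Name|Negotiated Flags):\s*(\S+)", re.M)

# Constructed sample export: the redacted event from this article, repeated,
# plus one invented member account (LEGACYNAS01$) and one unrelated event.
SAMPLE = """\
EventID: 5840
The Netlogon service created a secure channel with a client with RC4.
Account Name: XXXXXBLUECOAT02$
Negotiated Flags: 6007ffff

EventID: 5840
Account Name: XXXXXBLUECOAT02$
Negotiated Flags: 6007ffff

EventID: 5840
Account Name: LEGACYNAS01$
Negotiated Flags: 4007ffff

EventID: 5719
This record is not a 5840 event and is skipped.
"""

def decode_flags(hex_flags):
    """Map a 'Negotiated Flags' hex string to the capability bits above."""
    value = int(hex_flags, 16)
    return {name: bool(value & bit) for name, bit in NEG_FLAGS.items()}

def rc4_clients(export_text):
    """Return {account: (event_count, decoded_flags)} for event 5840 records."""
    counts, flags = Counter(), {}
    for record in re.split(r"\n\s*\n", export_text.strip()):
        fields = dict(FIELD.findall(record))
        if fields.get("EventID") != "5840" or "Account Name" not in fields:
            continue
        account = fields["Account Name"]
        counts[account] += 1
        if "Negotiated Flags" in fields:
            flags[account] = decode_flags(fields["Negotiated Flags"])
    return {a: (n, flags.get(a)) for a, n in counts.items()}
```

For the flags value in the event above (6007ffff), the AES bit is not set while secure RPC and strong keys are, which is consistent with the RC4 secure channel that event 5840 reports.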