Switch to older TLS security options
Windows agents and probes have been updated to require TLS 1.2. N-able N-central uses TLS 1.2 as a default configuration. This means that N-able N-central does not allow traffic over TLS 1.0.
This causes any Windows agents or probes that are running on Windows XP and Windows Server 2003, as well as pre-v12.1 versions of the macOS agent, to lose the ability to communicate with your N-able N-central server.
You can switch the network security profile to the Legacy Security Profile to use older TLS versions so you can continue to monitor these devices.
A reboot is always required when you switch to a different network security profile.
The differences between the two profiles are:
Compatibility Security Profile
The Compatibility security profile sits between the Legacy and Modern security profiles. It allows you to support older operating systems, such as Windows Server 2012 R2, but without allowing TLS 1.1 or 1.0.
- Does not support TLS 1.0 and 1.1.
- Disables weak SSH Ciphers, MACs and KEX Algorithms.
- Supports Modern Operating Systems (Windows 7/Server 2008 R2 and newer).
- Meets PCI requirements for TLS and ciphers.
-
Support for only 2048 bit keys
N-able strongly recommends that you choose between either the Compatibility or Modern security profile as we plan to deprecate the Legacy security profile in a future release of N-central.
Modern Security Profile:
-
Supports TLS 1.3 on all UI, API, and Agent ports. The Web UI ports have further been enhanced with TLS ciphers that offer improved performance on mobile devices.
- Configures N-central's UI so that it does not support TLS 1.0, 1.1, SHA1 and all weak ciphers and non-PFS ciphers.
- Disables weak SSH Ciphers, MACs and KEX Algorithms.
- Will work with Modern Operating Systems (Windows 10/Server 2016 and newer).
- Meets PCI requirements for TLS and ciphers.
-
Support for only 2048 bit keys
Windows servers version 2012 R2 are unable to communicate with N-able N-central or later servers configured to Modern profile.
Legacy Security Profile:
- Configures N-central's UI to support TLS 1.0 and 1.1
- Not PCI/HIPPA/NIST compliant.
- Supports legacy operating systems (i.e. Windows Vista/Server 2008).
This setting is only available at the System level. Changing this option will require the server to be restarted.
- Go to Administration > Mail and Network Settings > Network Security.
- Click the Legacy Settings option.
- Click Save.
- N-able N-central will prompt you to acknowledge a reboot of the server. The server is rebooted and begins using the TLS 1.0 and 1.1 security.
For more information on security profiles, see the KB article, Preparing Agents and Probes for communicating over TLS1.2 with N-central Modern Security Profile or Agent/Probe not checking in.