Adding and Editing VPN Sites
In this field… / Do this…

Perfect Forward Secrecy
Specify whether to enable Perfect Forward Secrecy (PFS), by selecting one of the following:
• Enabled. PFS is enabled. The Diffie-Hellman group field is enabled.
• Disabled. PFS is disabled. This is the default.
Enabling PFS will generate a new Diffie-Hellman key during IKE Phase 2 and renew the key for each key exchange.
PFS increases security but lowers performance. It is recommended to enable PFS only in situations where extreme security is required.

Diffie-Hellman group
Select the Diffie-Hellman group to use:
• Automatic. The NetDefend firewall automatically selects a group. This is the default.
• A specific group
A group with more bits ensures a stronger key but lowers performance.

Renegotiate every
Type the interval in seconds between IPSec SA key negotiations. This is the IKE Phase-2 SA lifetime.
A shorter interval ensures higher security.
The default value is 3600 seconds (one hour).
Chapter 12: Working With VPNs