Watchguard Firebox SOHO 6 Wireless User Manual page 140

Chapter 9: VPN—Virtual Private Networking
closes, the SOHO 6 Wireless does a rekey to open the tunnel
again.
The Generate IKE Keep Alive Messages checkbox is selected in the default
configuration.
Use the default Phase 2 settings, or change the Phase 2 settings as
shown below:
Make sure that the Phase 2 settings are the same on both appliances.
13 From the Authentication Algorithm drop-down list, select the
type of authentication.
14 From the Encryption Algorithm drop-down list, select the type
of encryption.
15 Select the Enable Perfect Forward Secrecy checkbox, if
necessary.
When this option is selected, each new key that is negotiated is derived by
a new Diffie-Hellman exchange instead of from only one Diffie-Hellman
exchange. This option gives more security, but increases the time
necessary for the communication because of the additional exchange.
16 Type the number of kilobytes and the number of hours until
negotiation expiration in the applicable fields.
17 Type the IP address of the local network and the remote
network that must use Phase 2 negotiation.
18 Click Submit.
114
N
OTE
WatchGuard Firebox SOHO 6 Wireless