Phase 2 Settings - Watchguard Firebox X15 User Manual

Firebox X Edge e-Series version 10, all Firebox X Edge e-Series Standard and Wireless models

Phase 2 settings

Phase 2 negotiates the data management security association for the tunnel. The tunnel uses this phase to
create IPSec tunnels and put data packets together.
You can use the default Phase 2 settings to make configuration easier.
Make sure that the Phase 2 configuration is the same on the two devices.
To change the Phase 2 settings:
1. Select the authentication method from the Authentication Algorithm drop-down list.
2. Select the encryption algorithm from the Encryption Algorithm drop-down list.
3. TOS bits are a set of four-bit flags in the IP header that can tell routing devices to give some VPN traffic
higher priority. Some ISPs drop all packets that have TOS flags set. If you select the Enable TOS for
IPSec check box, the Edge preserves existing TOS bits in VPN traffic packets. If the check box is not
selected, the Edge removes TOS bits.
4. To use Perfect Forward Secrecy, select the Enable Perfect Forward Secrecy check box. This option
makes sure that each new key comes from a new Diffie-Hellman exchange. This option makes the
negotiation more secure, but uses more time and computer resources.
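
Added example (not from the WatchGuard manual): a Python sketch of the IKEv1 Quick Mode key derivation in RFC 2409 section 5.5, showing which secrets a Phase 2 key depends on with and without the Perfect Forward Secrecy option in step 4. It assumes the Edge follows standard IKEv1, uses HMAC-SHA1 as the prf, and uses a constructed toy Diffie-Hellman group; all function names are illustrative.

```python
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman group, for illustration only (not a real IKE group).
P = 2**127 - 1
G = 3
PROTO_IPSEC_ESP = 3  # protocol ID for ESP in the IPsec DOI (RFC 2407)


def prf(key: bytes, data: bytes) -> bytes:
    """The negotiated prf; HMAC-SHA1 is an assumption of this example."""
    return hmac.new(key, data, hashlib.sha1).digest()


def keymat(skeyid_d: bytes, spi: bytes, ni: bytes, nr: bytes, dh_secret: bytes = b"") -> bytes:
    """KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)."""
    return prf(skeyid_d, dh_secret + bytes([PROTO_IPSEC_ESP]) + spi + ni + nr)


def quick_mode(skeyid_d: bytes, pfs: bool):
    """Simulate one Phase 2 negotiation; return (KEYMAT, values sent between the peers)."""
    spi, ni, nr = secrets.token_bytes(4), secrets.token_bytes(16), secrets.token_bytes(16)
    dh_secret = b""
    if pfs:
        # Fresh ephemeral exponents for this negotiation only; never reused or stored.
        x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
        dh_secret = pow(pow(G, y, P), x, P).to_bytes(16, "big")
        assert dh_secret == pow(pow(G, x, P), y, P).to_bytes(16, "big")  # both peers agree
    # The public DH values are also exchanged, but they are not inputs to keymat().
    return keymat(skeyid_d, spi, ni, nr, dh_secret), (spi, ni, nr)


def from_phase1_alone(skeyid_d: bytes, sent: tuple) -> bytes:
    """Key material computable from the Phase 1 secret and the exchanged values only."""
    return keymat(skeyid_d, *sent)


if __name__ == "__main__":
    skeyid_d = secrets.token_bytes(20)  # stands in for the Phase 1 derived secret
    for pfs in (False, True):
        key, sent = quick_mode(skeyid_d, pfs)
        tied = from_phase1_alone(skeyid_d, sent) == key
        print(f"PFS={pfs}: Phase 2 key determined by Phase 1 secret alone: {tied}")
```

Without PFS every Phase 2 key is a function of the same Phase 1 secret; with PFS each key also depends on an ephemeral exchange that is discarded afterwards, which is the extra time and computation the manual mentions.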
User Guide
Branch Office Virtual Private Networks
261
