Security Policy Settings - SonicWALL Internet Security Appliances Administrator's Manual

Sonicwall internet security appliances administrator's guide

Hide thumbs

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

Table of Contents

Security Policy Settings

The following sections describe the Security Policy settings for Group VPN, IKE using Pre-shared

Secret, and Manual Key.

Security Policy Settings for Group VPN

•

Phase 1 DH Group - Diffie-Hellman (DH) key exchange (a key agreement protocol) is used during

phase 1 of the authentication process to establish pre-shared keys. Groups 1, 2, 5 use Modular-

Exponential with different prime lengths as listed below. If network speed is preferred, select

Group 1. If network security is preferred, select Group 5. To compromise between network

speed and network security, select Group 2.

•

SA Life time (secs) - allows you to configure the length of time a VPN tunnel is active. The default

value is 28800 seconds (eight hours). You can configure up to 2,500,000 seconds (28.9 days).

•

Phase 1 Encryption/Authentication - select an encryption method from the Encryption/Authen-

tication for the VPN tunnel. If you select IKE using Pre-Shared Secret for your SA, you can select

from one of eight encryption methods:

AES support is available only on the PRO 230, PRO 330 and GX series.

These are listed in order from least secure to most secure. If network speed is preferred, then

select DES & MD5. If network security is preferred, select 3DES & SHA1. To compromise

between network speed and network security, select DES & SHA1. AES (Advanced Encryption

Standard) is an encryption method for securing sensitive but unclassified material by U.S.

Government agencies.

These are listed in order from least secure to most secure. If network speed is preferred, then

select DES & MD5. If network security is preferred, select 3DES & SHA1. To compromise

between network speed and network security, select DES & SHA1.

•

Phase 2 Encryption/Authentication - Phase 2 Encryption/Authentication is different for the

Group VPN SA. The VPN Client does not support ARCFour encryption methods, and you cannot

disable authentication in the VPN client. The following encryption methods are available for

Group VPN and are listed in order from most secure to least secure:

Page 182 SonicWALL Internet Security Appliance Administrator's Guide

Group Descriptor

Group 1

Group 2

Group 5

DES & MD5

AES-128 & MD5

DES & SHA1

AES-128 & SHA1

3DES & MD5

AES-256 & MD5

3DES & SHA1

AES-256 & SHA1

Prime Size (bits)

768

1024

1536

Table of Contents

Security Policy Settings - SonicWALL Internet Security Appliances Administrator's Manual

Security Policy Settings

Related Manuals for SonicWALL Internet Security Appliances

Related Content for SonicWALL Internet Security Appliances

Table of Contents