Adding and Editing VPN Sites
522 Check Point UTM-1 Edge User Guide
In this field… Do this…
Perfect Forward
Secrecy
Specify whether to enable Perfect Forward Secrecy (PFS), by selecting
one of the following:
• Enabled. PFS is enabled. The Diffie-Hellman group field is
enabled.
• Disabled. PFS is disabled. This is the default.
Enabling PFS will generate a new Diffie-Hellman key during IKE Phase 2
and renew the key for each key exchange.
PFS increases security but lowers performance. It is recommended to
enable PFS only in situations where extreme security is required.
Diffie-Hellman
group
Select the Diffie-Hellman group to use:
• Automatic. The UTM-1 appliance automatically selects a group.
This is the default.
• A specific group
A group with more bits ensures a stronger key but lowers performance.
Renegotiate every Type the interval in seconds between IPSec SA key negotiations. This is
the IKE Phase-2 SA lifetime.
A shorter interval ensures higher security.
The default value is 3600 seconds (one hour).
To Next Page
Loading...
