2.2.26. Managed FW / UTM IPsec setting value (reference)¶

For the parameters that are set by default except for the items set by the user, the following is set.

Phase1

Parameters	Values	Input / selectable
Interface	Select from below. [port4] [port5] [port6] [port7] [port8] [port9] [port10]	○
Remote Gateway	(User input)	○
IP version	IPv4	×
IKE version	IKEv1	×
Proposal	Select from below. [aes128-sha256] [aes128-sha384] [aes128-sha512] [aes192-sha256] [aes192-sha384] [aes192-sha512] [aes256-sha256] [aes256-sha384] [aes256-sha512]	○
DH Group	Select from below. [14] [15] [16] [17] [18] [19] [20] [21] [27] [28] [29] [30] [31]	○
Keylife	86400 seconds	×
Authmethod	Pre-shared key	×
Preshared Key	(User input)	○
Mode	main mode	×
Auto Negotiate	Enabled	×
Negotiate Timeout	30 seconds	×
DPD（Dead Peer Detection）	Enabled	×
DPD retrycount	3 times	×
DPD retryinterval	5 seconds	×
NAT Traversal	Enabled	×
NAT Traversal Keepalive	10 seconds	×

Note

In IPsec VPN, NAT traversal is supported by default. Therefore, IPsec communication is possible even in a configuration where NAT equipment exists between Managed Firewall / UTM. However, it is necessary to satisfy the following requirements.
- There is no problem with IP connectivity between Managed Firewall / UTM.
- UDP / port number: 500, UDP / port number: 4500, and IP / protocol number: 50 are allowed to communicate from Initiator to Responder

Phase2

Parameters	Values	Input / selectable
Proposal	Select from below. [aes128-sha256] [aes128-sha384] [aes128-sha512] [aes192-sha256] [aes192-sha384] [aes192-sha512] [aes256-sha256] [aes256-sha384] [aes256-sha512]	○
DH Group	Select from below. [14] [15] [16] [17] [18] [19] [20] [21] [27] [28] [29] [30] [31]	○
Encapsulation	tunnel mode	×
Keylife	43200 seconds	×
Auto Negotiate	Enabled	×
Keepalive	Enabled	×
PFS（Perfect Forward Security）	Enabled	×
Anti Replay Check	Enabled	×

2.2.27. Setting upper limit of Object