Security Features
IPSec Defaults
Table 15.6 lists the IPSec defaults. When the user creates an IPSec policy and provides the match address, an IPSec proposal with priority 1 is automatically created. When an outbound policy is specified, an inbound policy is automatically created.
Table 15.6: IPSec Default Values
Parameter Name | Foundry Default Value: Site to Site and Remote Access
Key management type | Automatic
Hash algorithm | SHA1
Encryption algorithm | 3DES
Protocol | ESP
Mode | Tunnel
Lifetime in seconds | 3600 seconds
Lifetime in kilobytes | 4608000
Direction | Out
Position in SPD where policy added | End
Perfect forward secrecy | Disabled
Firewall Default Values
This section provides information about firewall default values. Each security zone can have a maximum of 1024 policies ranging from
Table 15.7: Firewall Default Policies by Security Zone
Security Zone | Incoming Firewall Policy for Transit Traffic | Outgoing Firewall Policy for Transit Traffic | Incoming Firewall Policy for Self Traffic | Outgoing Firewall Policy for Self Traffic
Corp | Deny All (Implicit) | Permit All (Priority 1024) | Permit All (Priority 1022) | Permit All (Priority 1023)
User Created Security Zone | Deny All | Permit All (Priority 1024) | Permit All (Priority 1022) | Permit All (Priority 1023)
Internet | N/A | N/A | Deny All | Permit All (Priority 1024)
Table 15.8: Firewall per policy defaults
Policy Parameter | Default Value
Priority | No Default
June 2004 | © 2004 Foundry Networks, Inc. | 15 - 63 |