ZyXEL Communications 35 Series, 70 Series 3.7 VPN Wizard Status Summary

ZyWALL 5/35/70 Series User’s Guide

Table 18 VPN Wizard: IPSec Setting (continued)

LABEL	DESCRIPTION

SA Life Time	Define the length of time before an IKE SA automatically renegotiates in this
(Seconds)	field. The minimum value is 180 seconds.
	A short SA Life Time increases security by forcing the two VPN gateways to
	update the encryption and authentication keys. However, every time the VPN
	tunnel renegotiates, all users accessing remote resources are temporarily
	disconnected.
Perfect Forward	Perfect Forward Secret (PFS) is disabled (None) by default in phase 2 IPSec
Secret (PFS)	SA setup. This allows faster IPSec setup, but is not so secure.
	Select DH1 or DH2 to enable PFS. DH1 refers to Diffie-Hellman Group 1 a 768
	bit random number. DH2 refers to Diffie-Hellman Group 2 a 1024 bit (1Kb)
	random number (more secure, yet slower).
Back	Click Back to return to the previous screen.

Next	Click Next to continue.

3.7 VPN Wizard Status Summary

This read-only screen shows the status of the current VPN setting. Use the summary table to check whether what you have configured is correct.

99	Chapter 3 Wizard Setup