When creating Edge-to-Edge IPSec tunnels, you can modify the security policy configuration settings at the Customer Configuration level.

Procedure

  1. In the Operator portal, navigate to Manage Customers.
  2. Select a customer and click Actions > Modify or click the link to the customer.
  3. In the Enterprise portal, click Configure > Customers.
  4. In the Customer Configuration page, configure the following security settings in the Security Policy area.
    1. Hash - By default, there is no Secure Hash Algorithm function configured. If you disable the Galois/Counter Mode (GCM), you can select one of the following supported Secure Hash Algorithm functions from the drop-down list that appears:
      • SHA 1
      • SHA 256
    2. Encryption - AES 128-Galois/Counter Mode (GCM), AES 256-GCM, AES 128-Cipher Block Chaining (CBC), and AES 256-CBC are the encryption algorithm modes used to provide confidentiality. Select either AES 128 or AES 256 as the AES key size used to encrypt data. The default encryption algorithm mode is AES 128-GCM, which applies when the Disable GCM checkbox is not selected.
    3. DH Group - Select the Diffie-Hellman (DH) Group algorithm to be used when exchanging a pre-shared key. The DH Group sets the strength of the algorithm in bits. The supported DH Groups are 2, 5, 14, 15, and 16. It is recommended to use DH Group 14.
    4. PFS - Select the Perfect Forward Secrecy (PFS) level for additional security. The supported PFS levels are 2, 5, 14, 15, and 16. By default, PFS is disabled.
    5. Disable GCM - By default, AES 128-GCM is enabled. If needed, select the checkbox to disable this mode. Disabling GCM enables AES 128-CBC mode.
  5. After configuring the settings, click Save Changes.
    Note: When you modify the security settings, the changes may cause interruptions to the current services. In addition, these settings may reduce overall throughput and increase the time required for VCMP tunnel setup, which may impact branch-to-branch dynamic tunnel setup times and recovery from Edge failure in a cluster.
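
The settings above depend on each other (the hash choice only exists when GCM is disabled, and the cipher mode follows the Disable GCM checkbox), so a planned change can be checked before it is saved. The following Python script is an added example, not part of the product or its documentation; the policy dictionary and its key names are hypothetical. It goes slightly beyond the page by warning on SHA 1, on CBC without a hash, and on groups smaller than the recommended DH Group 14.

```python
# Added example. The dict keys are hypothetical, not the product's schema.
SUPPORTED_HASHES = {"SHA 1", "SHA 256"}
SUPPORTED_KEY_SIZES = {128, 256}
# Supported DH/PFS groups and their MODP modulus sizes (RFC 2409, RFC 3526).
MODP_BITS = {2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096}
RECOMMENDED_DH_GROUP = 14  # the page's recommendation

def effective_cipher(policy):
    """Cipher implied by the key size and the Disable GCM checkbox."""
    mode = "CBC" if policy["disable_gcm"] else "GCM"
    return f"AES {policy['aes_key_size']}-{mode}"

def check_group(name, group, findings):
    """Validate a DH or PFS group number against the supported set."""
    if group not in MODP_BITS:
        findings.append(("error", f"{name} {group} is not a supported group"))
    elif MODP_BITS[group] < MODP_BITS[RECOMMENDED_DH_GROUP]:
        findings.append(("warn", f"{name} {group} is a {MODP_BITS[group]}-bit group, "
                         f"weaker than recommended group {RECOMMENDED_DH_GROUP}"))

def audit(policy):
    """Return (level, message) findings for one Security Policy dict."""
    findings = []
    hash_fn = policy.get("hash")
    if policy["aes_key_size"] not in SUPPORTED_KEY_SIZES:
        findings.append(("error", "AES key size must be 128 or 256"))
    if not policy["disable_gcm"]:
        if hash_fn is not None:
            findings.append(("error", "hash is only selectable when GCM is disabled"))
    elif hash_fn is None:
        findings.append(("warn", "GCM disabled with no hash: CBC alone gives no integrity"))
    elif hash_fn not in SUPPORTED_HASHES:
        findings.append(("error", f"unsupported hash {hash_fn!r}"))
    elif hash_fn == "SHA 1":
        findings.append(("warn", "SHA 1 selected; SHA 256 is the stronger supported hash"))
    check_group("DH Group", policy.get("dh_group"), findings)
    if policy.get("pfs") is None:
        findings.append(("warn", "PFS is disabled (the default)"))
    else:
        check_group("PFS level", policy["pfs"], findings)
    return findings

# Constructed sample: GCM disabled, SHA 1, DH Group 2, PFS left at its default.
SAMPLE = {"disable_gcm": True, "aes_key_size": 128, "hash": "SHA 1",
          "dh_group": 2, "pfs": None}

if __name__ == "__main__":
    print(effective_cipher(SAMPLE), audit(SAMPLE))
```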