Supported IPsec settings

For IPsec connectivity, your edge device must be configured to use Forcepoint-supported IKE tunnel negotiation and IPsec encryption settings.

You can also view the following supported IPsec settings from Forcepoint ONE SSE by navigating to the Analyze > Tunnels > Setup Info > Supported Settings section of the primary or secondary IPsec tunnel.

Table 1. IKE Parameters

| Setting | Supported (recommended in bold) |
|---|---|
| IKE version | IKEv2 |
| Ciphers | AES-128, AES-256 |
| Digest | SHA2 256bit |
| DH Groups | 14, 19, 20 |
| Auth Method | Pre-shared key |
| Lifetime | 24 hours |
| PFS (Perfect Forward Secrecy) | Not supported |
| IKE ID Support | FQDN (hostname), Public IP Address |

Table 2. IPsec Parameters

| Setting | Supported (recommended in bold) |
|---|---|
| Type | ESP |
| Digest | SHA2 256bit |
| Lifetime | 8 hours |
| Ciphers | AES-GCM-128, AES-GCM-256, AES-128, AES-256, Null |
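
Added example, not Forcepoint code: a Python check that flags edge-device IKE and ESP proposals falling outside the two tables above before a tunnel is brought up. It assumes proposals are written as strongSwan-style keyword strings (for example aes256-sha256-modp2048); the keyword mapping and the names classify and check_proposal are assumptions of this example.

```python
# Added example: proposal strings are assumed to use strongSwan-style keywords.
IKE_CIPHERS = {"aes128", "aes256"}                       # Table 1 ciphers
ESP_CIPHERS = IKE_CIPHERS | {"aes128gcm16", "aes256gcm16", "null"}  # Table 2
AEAD = {"aes128gcm16", "aes256gcm16"}   # AES-GCM authenticates by itself
DIGESTS = {"sha256"}                    # SHA2 256bit
DH_GROUPS = {"modp2048": 14, "ecp256": 19, "ecp384": 20}
# Note: "null" is ESP NULL encryption, integrity protection without confidentiality.


def classify(token):
    """Sort one keyword into cipher, digest or DH group by its prefix."""
    if token.startswith(("modp", "ecp", "curve")):
        return "dh"
    if token.startswith(("sha", "md5")):
        return "digest"
    return "cipher"


def check_proposal(kind, proposal):
    """Return the problems found in an 'ike' or 'esp' proposal; [] means it fits."""
    parts = {"cipher": [], "digest": [], "dh": []}
    for token in proposal.lower().split("-"):
        parts[classify(token)].append(token)
    allowed = IKE_CIPHERS if kind == "ike" else ESP_CIPHERS
    problems = [f"unsupported {kind} cipher: {c}"
                for c in parts["cipher"] if c not in allowed]
    problems += [f"unsupported digest: {d}"
                 for d in parts["digest"] if d not in DIGESTS]
    if not parts["cipher"]:
        problems.append("no cipher given")
    # IKE always needs the digest; ESP needs it unless every cipher is AEAD.
    if not parts["digest"] and (kind == "ike" or set(parts["cipher"]) - AEAD):
        problems.append("missing digest: SHA2 256bit required")
    if kind == "ike":
        problems += [f"unsupported DH group: {g}"
                     for g in parts["dh"] if g not in DH_GROUPS]
        if not parts["dh"]:
            problems.append("missing DH group: use 14, 19 or 20")
    elif parts["dh"]:
        problems.append("DH group in ESP proposal enables PFS, which is not supported")
    return problems


if __name__ == "__main__":
    # Constructed sample proposals, not taken from any real device.
    for kind, prop in [("ike", "aes256-sha256-ecp384"), ("esp", "aes256gcm16"),
                       ("esp", "aes256gcm16-ecp384"), ("ike", "aes128-sha1-modp1024")]:
        print(kind, prop, check_proposal(kind, prop) or "OK")
```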