Supported IPsec settings
For IPsec connectivity, your edge device must be configured to use Forcepoint-supported IKE tunnel negotiation and IPsec encryption settings.
You can also view the following supported IPsec settings from Forcepoint ONE SSE by navigating to the section of the primary or secondary IPsec tunnel.
| Setting | Supported (recommended in bold) |
|---|---|
| IKE version | IKEv2 |
| Ciphers |
AES-128 AES-256 |
| Digest | SHA2 256bit |
| DH Groups |
14 19 20 |
| Auth Method | Pre-shared key |
| Lifetime | 24 hours |
| PFS (Perfect Forward Secrecy) | Not supported |
| IKE ID Support |
FQDN (hostname) Public IP Address |
| Setting | Supported (recommended in bold) |
|---|---|
| Type | ESP |
| Digest | SHA2 256bit |
| Lifetime | 8 hours |
| Ciphers |
AES-GCM-128 AES-GCM-256 AES-128 AES-256 Null |