Supported IPsec settings
For IPsec connectivity, your edge device must be configured to use Forcepoint-supported IKE tunnel negotiation and IPsec encryption settings.
| Setting | Supported (recommended in bold) |
|---|---|
| IKE version | IKEv2 (RFC 7296, October 2014) |
| IKE cipher | AES-128, AES-256 |
| IKE message digest | SHA2, length 256 |
| DH groups | 14, 19, 20 |
| IPsec type | ESP |
| IPsec cipher | AES-GCM-128, AES-GCM-256, AES-128, AES-256 |
| IPsec message digest | SHA2, length 256 |
| Authentication method | Pre-shared key |
| IKE lifetime | 24 hours |
| IPsec lifetime | 8 hours |
| IKE ID support | FQDN (hostname), Public IP address |
| Perfect Forward Secrecy (PFS) | Not supported |
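
A pre-deployment check of an edge device's planned tunnel settings against the table above, as an added example (not Forcepoint code). Proposal keywords follow strongSwan spelling and a 16-byte GCM ICV, both assumptions; the function names and the `cfg` dictionary layout are hypothetical.

```python
# Added example: checks a planned tunnel against the supported-settings table.
# Keyword spelling (aes256gcm16, modp2048, ...) follows strongSwan; this is an assumption.
IKE_CIPHERS = {"aes128", "aes256"}
ESP_CIPHERS = {"aes128", "aes256", "aes128gcm16", "aes256gcm16"}
AEAD = {"aes128gcm16", "aes256gcm16"}  # assumes a 16-byte ICV
DIGESTS = {"sha256"}
DH_GROUPS = {"modp2048": 14, "ecp256": 19, "ecp384": 20}

def _kind(token):
    if token.startswith(("modp", "ecp", "curve", "x25519", "x448")):
        return "dh"
    if token.startswith(("sha", "md5")):
        return "digest"
    return "cipher"

def check_proposal(phase, proposal):
    """Return findings for one 'cipher-digest-dh' proposal; phase is 'ike' or 'esp'."""
    parts = {"cipher": [], "digest": [], "dh": []}
    for token in proposal.lower().split("-"):
        parts[_kind(token)].append(token)
    allowed = IKE_CIPHERS if phase == "ike" else ESP_CIPHERS
    out = [f"{phase}: cipher {c} not supported" for c in parts["cipher"] if c not in allowed]
    out += [f"{phase}: digest {d} not supported" for d in parts["digest"] if d not in DIGESTS]
    if not parts["cipher"]:
        out.append(f"{phase}: no cipher in proposal")
    # AES-GCM authenticates on its own; every other cipher needs SHA2-256.
    if not parts["digest"] and not any(c in AEAD for c in parts["cipher"]):
        out.append(f"{phase}: SHA2-256 digest missing")
    if phase == "ike":
        out += [f"ike: DH group {g} not supported" for g in parts["dh"] if g not in DH_GROUPS]
        if not parts["dh"]:
            out.append("ike: DH group missing (14, 19 or 20)")
    elif parts["dh"]:
        # A DH group in the ESP proposal requests PFS, which the table lists as not supported.
        out.append("esp: DH group present but PFS is not supported")
    return out

def check_tunnel(cfg):
    """cfg is a hypothetical dict describing the edge device's tunnel settings."""
    out = check_proposal("ike", cfg["ike_proposal"]) + check_proposal("esp", cfg["esp_proposal"])
    expected = {"ike_version": 2, "auth": "psk", "ike_lifetime_h": 24, "ipsec_lifetime_h": 8}
    out += [f"{k} must be {v}, got {cfg[k]}" for k, v in expected.items() if cfg[k] != v]
    return out

# Constructed sample inputs.
GOOD = {"ike_version": 2, "ike_proposal": "aes256-sha256-ecp384", "esp_proposal": "aes256gcm16",
        "auth": "psk", "ike_lifetime_h": 24, "ipsec_lifetime_h": 8}
BAD = {"ike_version": 1, "ike_proposal": "3des-sha1-modp1024", "esp_proposal": "aes128-sha256-modp2048",
       "auth": "pubkey", "ike_lifetime_h": 8, "ipsec_lifetime_h": 1}
```

`check_tunnel(GOOD)` returns an empty list; `check_tunnel(BAD)` returns one finding per deviation, including the DH group in the ESP proposal that would request PFS.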