Default Lifetimes and Proposal Values

Chapter 1 What’s New for FortiOS 5.2.1 : IPsec VPN : Default Lifetimes and Proposal Values

The default lifetimes for IKE and IPsec have been lengthened in FortiOS 5.2. The number of proposals has also increased and new default proposals have been created for Phase 1 and Phase 2. The changes are as follows:

• The default Phase1 lifetime is 86400 seconds (1 day).

• The default Phase2 lifetime is 43200 seconds (12 hours).

• The default Phase1 proposals are: aes128-sha256, aes256-sha256, 3des-sha256, aes128-sha1, aes256-sha1, and 3des-sha1.

• The default Phase2 proposals are: aes128-sha1, aes256-sha1, 3des-sha1, aes128-sha256, aes256-sha256, and 3des-sha256.

• The maximum number of proposals has been increased from 3 to 10.

• The default Diffie-Hellman (DH) group for phase1 and phase2 has changed from 5 to 14.