
VPN Site to Site Encryption Suite Best Practice

Any suggestions about the best performance/security parameters to use in a Site to Site Encryption Suite configuration? I would stress phase 1 and leave phase 2 lighter... in a few words:

Phase 1

               Encryption Algorithm -->  AES256

               Data Integrity --> SHA256

               DH Group     --> Group14

Phase 2

               Encryption Algorithm -->  3DES

               Data Integrity --> SHA1

unless the other side peer complains 🐵

What do you think about it?

 

3 Replies
Advisor

Avoid 3DES as it's computationally inefficient compared to AES, and AES-NI will give you much better performance.

SHA1 shouldn't be used anymore in favor of AES256+

 

Champion

I recommend differentiating between site-to-site VPNs between Check Point gateways and those with 3rd party VPN gateways.

Best practice settings (bold) for VPN with 3rd party gateways | Compatibility matrix
