Any suggestions about the best performance/security parameters to use in a Site to Site Encryption Suite configuration? I would stress the phase 1 and leave the phase 2 lighter... in a few words:
Phase 1
Encryption Algorithm --> AES256
Data Integrity --> SHA256
DH Group --> Group14
Phase 2
Encryption Algorithm --> 3DES
Data Integrity --> SHA1
unless the other side peer complains 🐵
What do you think about it?
Avoid 3DES as it's computationally inefficient compared to AES, and AES-NI will give you much better performance.
SHA1 shouldn't be used anymore in favor of AES256+
Refer to sk105119 - Best Practices - VPN Performance and to sk104760 - ATRG: VPN Core. For a comparison of encryption algorithm speeds, refer to sk73980 - Relative speeds of algorithms for IPsec and SSL.
I recommend differentiating between VPN Site-to-Site between Check Point gateways and with 3rd party VPN gateways.
Best practice settings (bold) for VPN with 3rd party gateways | Compatibility matrix