This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
D_TK
Collaborator
‎2022-05-12 11:21 AM

s2s VPN settings

Currently have a 7 gateway "Meshed" VPN community that was configured 6 or 7 years ago.  This is all checkpoint <-> checkpoint equipment.  Currently this community runs over a private MPLS network but later this year we moving it all to direct internet connectivity.  Just wondering if these encryption suite settings are still considered strong, or should i strengthen it?   

All versions are currently r81.10 hotfix 45

thanks 

Preview file
42 KB
0 Kudos
2 Replies
Timothy_Hall
Champion
Champion
‎2022-05-12 02:34 PM

Definitely move from SHA1 to SHA256 for both phases, and you should probably increase your Diffie Hellman Group to 19+ for the supposedly more secure Elliptic Curve key calculations instead of the older MODP.  May also want to use AES-GCM-128 for Phase 2 which is slightly more efficient, unless we are talking military applications where people will literally die if someone can crack the encrypted traffic in a reasonable timeframe, then use AES-256 for Phase 2 with PFS.  These changes shouldn't cause a noticeable performance impact and I believe are a reasonable balance between performance and security in most cases.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
D_TK
Collaborator
‎2022-05-12 03:54 PM
In response to Timothy_Hall

Thanks Tim, appreciate your advice.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events