VPN > IPsec > Settings

On this window, you configure basic VPN settings.

 

  • Enable IPsec VPN — Select to enable IPsec VPNs or clear to disable the VPNs. With the IPsec VPNs disabled, all traffic that passes through the Threat Management Services (TMS) zl Module is transmitted in plain text. Default: enabled.

 

A default IPsec policy prevents all traffic from being encrypted by the VPN engine; therefore, all IPsec policies that you configure must have a higher priority than this default policy.

  • ICMP (Internet Control Message Protocol) Message Handling

  • Send ICMP error messages — When enabled, the TMS zl Module will return an ICMP error message when it receives bad data. Default: enabled.

  • Handle ICMP error messages — When enabled, the TMS zl Module will accept incoming ICMP error messages. Default: enabled.

  • Security Associations (SA) Settings

  • Maximum SAs per Policy — The maximum number of SAs is restricted by memory, not processor speed. You can configure as many as 10,000, though there can be only 4800 concurrent connections. Default: 10,000.

  • Auto SA Revalidation — Auto SA revalidation automatically continues an SA after the time or bandwidth limit expires. It also reduces the amount of processing needed to maintain an SA when a policy change is made during a VPN session. Default: enabled.

  • Minimum packet size for IP compression — The header of any packet that is larger than the specified size will be compressed. In tunnel mode, the IP header is compressed, and in transport mode, the transport header is compressed. Default: 1500.
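
The priority rule for the default IPsec policy, described above under Enable IPsec VPN, can be checked with a small model. This is an added example, not code or an export format from the TMS zl Module: it assumes policies are evaluated top-down with the first match winning, and the policy names, subnets and the "protect"/"bypass" labels are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    src: str      # source traffic selector (CIDR)
    dst: str      # destination traffic selector (CIDR)
    action: str   # "protect" = encrypt, "bypass" = send in plain text

# Constructed sample table, highest priority first (assumed ordering model).
# "default" stands in for the built-in policy that leaves all traffic unencrypted.
POLICIES = [
    Policy("hq-to-branch", "10.1.0.0/16", "10.2.0.0/16", "protect"),
    Policy("default", "0.0.0.0/0", "0.0.0.0/0", "bypass"),
    Policy("hq-to-dc", "10.1.0.0/16", "10.9.0.0/16", "protect"),  # misplaced
]

def covers(outer, inner):
    """True if CIDR `outer` contains all of CIDR `inner`."""
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def matches(p, src_ip, dst_ip):
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(p.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(p.dst))

def decide(policies, src_ip, dst_ip, ipsec_enabled=True):
    """Return (policy name, action) for one packet; first match wins."""
    if not ipsec_enabled:
        # With IPsec VPN disabled, everything is sent in plain text.
        return ("ipsec-disabled", "bypass")
    for p in policies:
        if matches(p, src_ip, dst_ip):
            return (p.name, p.action)
    return ("no-match", "bypass")  # model assumption; unreachable with a catch-all default

def shadowed(policies):
    """Names of policies that can never match because an earlier policy covers them."""
    out = []
    for i, p in enumerate(policies):
        if any(covers(q.src, p.src) and covers(q.dst, p.dst) for q in policies[:i]):
            out.append(p.name)
    return out

if __name__ == "__main__":
    print(decide(POLICIES, "10.1.5.5", "10.9.0.9"))  # falls through to the default policy
    print(shadowed(POLICIES))                         # policies placed below the default
```

Any policy reported by `shadowed` sits below the catch-all default in this model, so the traffic it was meant to encrypt leaves in plain text.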