Firewall Default Values – Foundry Networks AR3202-CL User Manual


Security Features

June 2004

© 2004 Foundry Networks, Inc.


IPSec Defaults

Table 15.6 lists IPSec defaults. When the user creates an IPSec policy and provides the match address, an IPSec
proposal with priority 1 is automatically created. When an outbound policy is specified, an inbound policy is
automatically created.

Table 15.6: IPSec Default Values

| Parameter Name | Foundry Default Value: Site to Site and Remote Access |
|---|---|
| Key management type | Automatic |
| Hash algorithm | SHA1 |
| Encryption algorithm | 3DES |
| Protocol | ESP |
| Mode | Tunnel |
| Lifetime in seconds | 3600 seconds |
| Lifetime in kilobytes | 4608000 |
| Direction | Out |
| Position in SPD where policy added | End |
| Perfect forward secrecy | Disabled |

Firewall Default Values

This section provides information about firewall default values. Each security zone can have a maximum of 1024
policies ranging from 1 to 1024. The maximum number of security zones supported is 25.

Table 15.7: Firewall Default Policies by Security Zone

| Security Zone | Incoming Firewall Policy for Transit Traffic | Outgoing Firewall Policy for Transit Traffic | Incoming Firewall Policy for Self Traffic | Outgoing Firewall Policy for Self Traffic |
|---|---|---|---|---|
| Corp | Deny All (Implicit) | Permit All (Priority 1024) | Permit All (Priority 1022) | Permit All (Priority 1023) |
| User Created Security Zone | Deny All | Permit All (Priority 1024) | Permit All (Priority 1022) | Permit All (Priority 1023) |
| Internet | N/A | N/A | Deny All | Permit All (Priority 1024) |

Table 15.8: Firewall per policy defaults

Policy Parameter

Default Value

Priority No

Default
