What difference/impact does it make when we change the dh-param value under config system global?
Hello Team,
Please help me understand: can it stop working IPSec VPN tunnels with a lower enc-proto when we increase the default value from 2048 upward?
Has anyone tested it in real time?
https://docs.fortinet.com/document/fortigate/7.0.0/best-practices/555436/hardening
Thanks & Regards,
Jaywant
Labels: FortiGate
The resource usage certainly increases, and is especially visible in lower-end units.
But this is caused not by the key size but by the DH group. Higher group = more secure = longer key size (default is group 14 with a key of 2048b).
Does it stop working IPSEC VPN tunnels? > The DH groups must match. So if you choose (only) DH group 5 in one device and (only) DH-14 in another, they will not work. But I think the key size can only be a problem if the remote device does not support longer keys (doesn't expect or can't process them).
- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
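A pre-change check for the group mismatch described in the reply above, added here as an example and not part of the original thread or Fortinet's tooling: it reads the `set dhgrp` lists from two `config vpn ipsec phase1-interface` exports and reports which groups both peers share. The tunnel names and both config snippets are constructed samples; the group-to-modulus table comes from RFC 2409 and RFC 3526.

```python
import re

# MODP group number -> modulus size in bits (RFC 2409, RFC 3526).
MODP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048,
             15: 3072, 16: 4096, 17: 6144, 18: 8192}
BLOCK = "config vpn ipsec phase1-interface"

def phase1_dh_groups(config_text):
    """Return {tunnel name: [DH groups]} from a phase1-interface export."""
    tunnels, name, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            depth = 1 if line.startswith(BLOCK) else 0
        elif line.startswith("config "):
            depth += 1                      # nested sub-table, skip its body
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.match(r'edit\s+"?([^"]+)"?$', line)):
            name = m.group(1)
            tunnels[name] = []
        elif depth == 1 and name and (m := re.match(r"set dhgrp\s+(.+)$", line)):
            tunnels[name] = [int(g) for g in m.group(1).split()]
        elif depth == 1 and line == "next":
            name = None
    return tunnels

def check_peer(local_groups, remote_groups, min_bits=2048):
    """Return (groups both ends propose, shared MODP groups below min_bits).
    An empty first list means the peers cannot agree on a DH group.
    Groups missing from MODP_BITS (e.g. elliptic-curve ones) are not flagged."""
    common = sorted(set(local_groups) & set(remote_groups))
    weak = [g for g in common if MODP_BITS.get(g, min_bits) < min_bits]
    return common, weak

# Constructed sample exports (hypothetical tunnel names).
LOCAL_SAMPLE = """config vpn ipsec phase1-interface
    edit "to-branch"
        set interface "wan1"
        set dhgrp 14
    next
    edit "to-legacy"
        set dhgrp 14 5
    next
end"""
REMOTE_SAMPLE = """config vpn ipsec phase1-interface
    edit "to-hq"
        set dhgrp 5
    next
end"""
```
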
