Under you will find a list of predefined profiles that you can extend with custom profiles.
Important: The predefined profiles cannot be edited or deleted.
Note: If used security profiles are changed, all related connections can be restarted in the extended list bar. Security profiles are selected in the templates and connections.
Click on 
to add a new security profile.
| Input box | Description |
|---|---|
| Name | Give the security profile a descriptive name. |
| Used in | Indicates the IPSec connections currently using this profile. |
| Data compression | If you select data compression here, it will be activated for all connections using this profile. This saves bandwidth, but it also increases the CPU load.
Important: If you enable data compression, it must also be activated at the remote site.
|
ISAKMP (IKE)
This tab is used to define security settings for the IKE phase. IKE defines how security parameters are negotiated and shared keys exchanged
| Input box | Description |
|---|---|
| IKE version | Select IKEv1 or IKEv2 |
| Encryption algorithms | From the available encryption algorithms, select the ones you want to use from the list. |
| Authentication algorithms | From the available authentication algorithms, select the ones you want to use from the list. |
| DH groups | From the available Diffie-Hellman groups, select the ones you want to use from the list. |
| SA lifetime | Enter the SA lifetime in seconds. |
| Mobile IKE (IKEv2 only) | This option is available for IKEv2 only and allows you to change IP addresses without disconnecting. |
Note: The encryption algorithms, authentication algorithms, and DH groups defined here are used in establishing the IPSec connection to negotiate an encryption-authentication combination with the remote site. The more entries are defined here, the higher the number of possible combinations.
Important: With IKEv1, the number of possible combinations is limited to just over 200. There is no limit with IKEv2.
IPSec (ESP)
Encapsulating Security Payload (ESP) provides mechanisms to ensure the authenticity, integrity and confidentiality of the transmitted IP packets. These settings thus determine the encryption and authentication algorithms used for the actual IP packets.
| Input box | Description |
|---|---|
| Encryption algorithms | From the available encryption algorithms, select the ones you want to use from the list. |
| Authentication algorithms | From the available authentication algorithms, select the ones you want to use from the list. |
| DH-Groups | From the available Diffie-Hellman groups, select the ones you want to use from the list. |
| SA lifetime | Enter the SA lifetime in seconds. |
Click on Create.
The Security profile dialog closes. The new security profile is added to the list of available security profiles in the object bar.
