Foundry Networks AR3201 User Manual
Security Features
June 2004
© 2004 Foundry Networks, Inc.
15 - 63
IPSec Defaults
Table 15.6: lists IPSec defaults. When the user creates an IPSec policy and provides the match address, an IPSec
proposal with priority 1 is automatically created. When an outbound policy is specified, an inbound policy is
automatically created.
proposal with priority 1 is automatically created. When an outbound policy is specified, an inbound policy is
automatically created.
Firewall Default Values
This section provides information about firewall default values. Each security zone can have a maximum of 1024
policies ranging from 1—1024. The maximum number of security zones supported is 25.
policies ranging from 1—1024. The maximum number of security zones supported is 25.
Table 15.6: IPSec Default Values
Parameter Name
Foundry Default
Value: Site to Site and
Remote Access
Value: Site to Site and
Remote Access
Key management type
Automatic
Hash algorithm
SAH1
Encryption algorithm
3DES
Protocol
ESP
Mode
Tunnel
Lifetime in seconds
3600 seconds
Lifetime in kilobytes
4608000
Direction
Out
Position in SPD where policy
added
added
End
Perfect forward secrecy
Disabled
Table 15.7: Firewall Default Policies by Security Zone
Security Zone
Incoming Firewall
Policy for Transit
Traffic
Policy for Transit
Traffic
Outgoing Firewall
Policy for Transit
Traffic
Policy for Transit
Traffic
Incoming Firewall
Policy for Self
Traffic
Policy for Self
Traffic
Outgoing Firewall
Policy for Self
Traffic
Policy for Self
Traffic
Corp
Deny All (Implicit)
Permit All (Priority
1024)
1024)
Permit All (Priority
1022)
1022)
Permit All (Priority
1023)
1023)
User Created Security
Zone
Zone
Deny All
Permit All (Priority
1024)
1024)
Permit All (Priority
1022)
1022)
Permit All (Priority
1023)
1023)
Internet
N/A
N/A
Deny All
Permit All (Priority
1024)
1024)
Table 15.8: Firewall per policy defaults
Policy Parameter
Default Value
Priority No
Default