WatchGuard Technologies Firebox SOHO 6.1 User's Manual

Chapter 8: VPN—Virtual Private Networking
WatchGuard Firebox SOHO 6.1
13 In the Diffie-Hellman Group drop list, specify the group.
WatchGuard supports groups 1 and 2.
Diffie-Hellman refers to a mathematical technique for securely negotiating 
secret keys over a public medium. Diffie-Hellman groups are collections of 
parameters used to achieve this. Group 2 is more secure than group 1, but 
requires more time to compute the keys.
14 If you choose, select the checkbox marked Enable Perfect 
Forward Secrecy.
When this option is selected, each new key that is negotiated is derived by 
a new Diffie-Hellman exchange instead of from only one Diffie-Hellman 
exchange. Enabling this option provides more security, but requires more 
time because of the additional exchange.
15 Enable the Generate IKE Keep Alive Messages checkbox to 
keep a VPN tunnel from going down because of time-out 
conditions. A small amount of traffic is sent across the VPN 
tunnel to keep it alive and functioning. If the tunnel fails for 
any reason, the SOHO 6 initiates a rekey of the tunnel to restore 
it.
This checkbox is enabled by default.
16 Phase 2 settings can be left at the defaults shown or modified as 
desired. To modify Phase 2 settings, complete the following 
steps. Make sure that the Phase 2 settings on this device are the 
same as on the peer device.
17 In the Authentication Algorithm drop list, specify the 
authentication: None (no authentication), MD5-HMAC (128-bit 
authentication) or SHA1-HMAC (160-bit authentication).
18 In the Encryption Algorithm drop list, specify the type of 
encryption: None (no encryption), DES-CBC or 3DES-CBC.
19 Enter how many kilobytes until key expiration.
20 Enter how many hours until key expiration.
21 Add the IP address of the local and remote network that will 
use Phase 2 negotiation.
22 Click Submit.
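
The effect of the Enable Perfect Forward Secrecy option in step 14, as an added example that is not part of the WatchGuard manual: it derives a Phase 2 key the way RFC 2409 section 5.5 defines KEYMAT, with and without a fresh Diffie-Hellman exchange, and checks whether the key can be recomputed from the Phase 1 secret alone. Assumptions: the function names are hypothetical, the modulus is a toy value rather than Oakley group 1 or 2, the Phase 1 derivation is simplified, and HMAC-SHA1 stands in for the negotiated prf.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumption): a 127-bit Mersenne prime keeps the numbers small.
# It is NOT one of the Oakley groups the SOHO 6 offers (group 1 or group 2).
P = 2**127 - 1
G = 3


def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1 standing in for the negotiated pseudo-random function."""
    return hmac.new(key, data, hashlib.sha1).digest()


def dh_exchange() -> bytes:
    """Run one Diffie-Hellman exchange and return the shared secret g^xy."""
    x = secrets.randbelow(P - 3) + 2       # initiator's private value
    y = secrets.randbelow(P - 3) + 2       # responder's private value
    gx, gy = pow(G, x, P), pow(G, y, P)    # public values the peers exchange
    shared = pow(gy, x, P)
    assert shared == pow(gx, y, P)         # both peers reach the same secret
    return shared.to_bytes(16, "big")


def phase2_keymat(skeyid_d: bytes, proto_spi: bytes, ni: bytes, nr: bytes,
                  pfs_secret: bytes = b"") -> bytes:
    """RFC 2409 5.5: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)."""
    return prf(skeyid_d, pfs_secret + proto_spi + ni + nr)


def simulate(pfs: bool):
    """Negotiate one Phase 2 key, then recompute it from what a later Phase 1
    compromise exposes: SKEYID_d plus the recorded SPI and nonces."""
    skeyid_d = prf(b"constructed-phase1-secret", dh_exchange())  # simplified Phase 1
    proto_spi = b"\x03" + secrets.token_bytes(4)   # protocol (ESP) and SPI
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)  # Quick Mode nonces
    fresh = dh_exchange() if pfs else b""          # extra exchange only with PFS
    real = phase2_keymat(skeyid_d, proto_spi, ni, nr, fresh)
    recomputed = phase2_keymat(skeyid_d, proto_spi, ni, nr)  # lacks g(qm)^xy
    return real, recomputed


if __name__ == "__main__":
    for pfs in (False, True):
        real, recomputed = simulate(pfs)
        print(f"PFS={pfs}: recoverable from Phase 1 secret alone: {real == recomputed}")
```

Without the option, every Phase 2 key is a function of the single Phase 1 secret, so losing that secret exposes all traffic keys derived from it; with the option, each key also depends on private values that are discarded after the exchange.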