Question
We have a system that uses Pseudo-Random Functions (PRFs) by default on all our IPsec tunnels and we cannot change this option to avoid it affecting all configured IPsec tunnels. Do Clavister support PRF in some way?
Answer
Yes, with the introduction of SHA-256 and SHA-512 in version 10.21 we also support PRF. Please note that only these two integrity algorithms support PRF.
Support for SHA-384 was added in version 13.00.01 and up. Now there are three integrity algorithms available that support PRF.
Related articles
Configuring L2TP/IPsec Server using PSK
11 Jan, 2023 ipsec core vpn
11 Jan, 2023 ipsec core vpn
Fetching IPs for cOS Core IP pools from a firewall's own DHCP server
24 Mar, 2023 core ipsec ippool dhcp
24 Mar, 2023 core ipsec ippool dhcp
Setup of a Layer-3 bridge over IPsec in cOS Core
12 Apr, 2023 core proxyarp arp ipsec routing
12 Apr, 2023 core proxyarp arp ipsec routing
Configuring public certificates in NetWall firewalls
18 Mar, 2024 core certificate oneconnect ipsec vpn
18 Mar, 2024 core certificate oneconnect ipsec vpn
How to use the same network on both sides of an IPsec tunnel
23 Nov, 2022 core ipsec
23 Nov, 2022 core ipsec
cOS Core L2TP server setup with Windows Server CA certificates
21 Feb, 2023 ipsec certificate windows ca core
21 Feb, 2023 ipsec certificate windows ca core
Problem with auto-created Core routes
22 Mar, 2021 core ipsec routing
22 Mar, 2021 core ipsec routing
Certificate update in InControl global domain on certificate that is used on firewall(s)
18 Mar, 2024 core incontrol certificate oneconnect ipsec vpn
18 Mar, 2024 core incontrol certificate oneconnect ipsec vpn
Setting up OSPF with IPsec in cOS Core
16 Apr, 2024 core routing ospf ipsec
16 Apr, 2024 core routing ospf ipsec
Using "all-nets" as source/destination network in IPsec tunnels
17 Jun, 2021 core ipsec routing
17 Jun, 2021 core ipsec routing
Setting up cOS Core as an L2TP/IPsec client
8 Mar, 2023 core l2tp ipsec
8 Mar, 2023 core l2tp ipsec
cOS Core Lan to Lan IPsec tunnel setup with PSK
20 Feb, 2023 core vpn ipsec
20 Feb, 2023 core vpn ipsec
cOS Core IPsec IKEv1 "No_Proposal_Chosen" error in 14.00.10
4 Aug, 2023 core ipsec troubleshoot ike
4 Aug, 2023 core ipsec troubleshoot ike
IPsec license usage calculation
14 Apr, 2021 core license ipsec
14 Apr, 2021 core license ipsec
Does IPsecBeforeRules trigger before Access rules?
8 Sep, 2020 core ipsec rules access
8 Sep, 2020 core ipsec rules access
Split tunneling in cOS Core with Windows L2TP/IPsec clients
29 Mar, 2023 ipsec core windows vpn l2tp
29 Mar, 2023 ipsec core windows vpn l2tp
Connecting to IPsec endpoints from behind a NetWall firewall
5 Apr, 2023 ipsec core
5 Apr, 2023 ipsec core
Windows 10 IKEv2 only proposes Diffie-Hellman group 2, 1024 bit - how do I configure it to use group 14, 2048 bit?
16 Sep, 2020 vpn ipsec ikev2 windows howto dh
16 Sep, 2020 vpn ipsec ikev2 windows howto dh
Troubleshooting IPsec tunnels (IKEv1)
7 Dec, 2022 ipsec ike troubleshoot core
7 Dec, 2022 ipsec ike troubleshoot core
cOS Core IKEv2 tunnel setup with certificates for iOS clients
5 Apr, 2023 core nps ipsec radius legacy
5 Apr, 2023 core nps ipsec radius legacy
IKEv2 roaming VPN in cOS Core without client certificate installation
14 Mar, 2023 core ipsec vpn ikev2 certificate
14 Mar, 2023 core ipsec vpn ikev2 certificate
"Disabling IPsec tunnel..." warning when deploying a configuration change
23 Aug, 2022 core ipsec license memory
23 Aug, 2022 core ipsec license memory
Tunneling IPv6 over IPv4 networks using cOS Core IPsec
15 Mar, 2023 core ipsec ipv6
15 Mar, 2023 core ipsec ipv6
Freeing up more memory in the Firewall
23 Aug, 2022 core connections ipsec memory
23 Aug, 2022 core connections ipsec memory
Route failover with IPsec tunnels in cOS Core
13 Feb, 2023 ipsec core routing failover
13 Feb, 2023 ipsec core routing failover
Split tunneling with cOS Core L2TP/IPsec using an MS DHCP server
28 Mar, 2023 dhcp ipsec core
28 Mar, 2023 dhcp ipsec core