IPsec: Does cOS Core support Pseudo-Random Functions (PRFs) according to RFC-4868?
Last modified on 14 Dec, 2022. Revision 6
Explanation about PRFs support in cOS Core
Up to date for | cOS Core 14.00.7 |
Supported since | cOS Core 10.21.xx |
Status | OK |
Author | Peter Nilsson |
Question
We have a system that uses Pseudo-Random Functions (PRFs) by default on all our IPsec tunnels and we cannot change this option to avoid it affecting all configured IPsec tunnels. Do Clavister support PRF in some way?
Answer
Yes, with the introduction of SHA-256 and SHA-512 in version 10.21 we also support PRF. Please note that only these two integrity algorithms support PRF.
Support for SHA-384 was added in version 13.00.01 and up. Now there are three integrity algorithms available that support PRF.
Related articles
Configuring L2TP/IPsec Server using PSK
11 Jan, 2023 ipsec core vpn
11 Jan, 2023 ipsec core vpn
Configuring public certificates in NetWall firewalls
23 Aug, 2022 core certificate oneconnect ipsec vpn
23 Aug, 2022 core certificate oneconnect ipsec vpn
How to use the same network on both sides of an IPsec tunnel
23 Nov, 2022 core ipsec
23 Nov, 2022 core ipsec
Problem with auto-created Core routes
22 Mar, 2021 core ipsec routing
22 Mar, 2021 core ipsec routing
Using "all-nets" as source/destination network in IPsec tunnels
17 Jun, 2021 core ipsec routing
17 Jun, 2021 core ipsec routing
IPsec license usage calculation
14 Apr, 2021 core license ipsec
14 Apr, 2021 core license ipsec
Does IPsecBeforeRules trigger before Access rules?
8 Sep, 2020 core ipsec rules access
8 Sep, 2020 core ipsec rules access
Partial split tunneling when using Windows L2TP/IPsec
27 Jan, 2023 ipsec core windows vpn l2tp
27 Jan, 2023 ipsec core windows vpn l2tp
Connecting to an IPsec endpoint from behind the Firewall
1 Dec, 2022 ipsec core
1 Dec, 2022 ipsec core
Windows 10 IKEv2 only proposes Diffie-Hellman group 2, 1024 bit - how do I configure it to use group 14, 2048 bit?
16 Sep, 2020 vpn ipsec ikev2 windows howto dh
16 Sep, 2020 vpn ipsec ikev2 windows howto dh
Troubleshooting IPsec tunnels (IKEv1)
7 Dec, 2022 ipsec ike troubleshoot core
7 Dec, 2022 ipsec ike troubleshoot core
"Disabling IPsec tunnel..." warning when deploying a configuration change
23 Aug, 2022 core ipsec license memory
23 Aug, 2022 core ipsec license memory
Freeing up more memory in the Firewall
23 Aug, 2022 core connections ipsec memory
23 Aug, 2022 core connections ipsec memory
Configuring Split tunneling in L2TP/IPsec using an MS DHCP server
2 Dec, 2022 dhcp ipsec core
2 Dec, 2022 dhcp ipsec core