3.51. IPsecTunnel

Description

An IPsec tunnel item is used to define an IPsec endpoint and will appear as a logical interface in the system.

Properties

Name
Name of this interface. (Identifier)
IKEVersion
Specify which version of IKE to use for negotiations. (Default: IKEv2)
LocalAuthMethod
Authentication method used to authenticate the local endpoint to the remote endpoint.
RemoteAuthMethod
Authentication method used to authenticate remote endpoint. If not specified, the local authentication method will be used. (Optional)
IKEMode
Specifies which IKE mode to use: main or aggressive. (Default: Main)
XAuthClient
Disabled, Pass to peer gateway. (Default: Disabled)
XAuthUsername
Specifies the username to pass to the remote gateway via IKE XAuth.
XAuthPassword
Specifies the password to pass to the remote gateway via IKE XAuth.
AuthProfile
Specifies how the client should be authenticated.
IKEProposalList
Specifies the IKE Proposal list used with the tunnel. (Default: ike_high)
IPsecProposalList
Specifies the IPsec Proposal list used with the tunnel. (Default: ipsec_high)
ForceUDPEncap
Force UDP encapsulation of ESP packets. (Default: No)
CfgMode
Specifies how the tunnel will handle configuration payloads. (Default: Disabled)
CfgAddress
Client: Object to be assigned the internal local IP address. It can be used to NAT traffic into the tunnel. Server: Object containing internal remote IP addresses to hand out to a peer. Only suitable for smaller numbers of IP addresses. (Optional)
CfgDNS
Client: Object to be assigned the IP address of the internal DNS server if provided by the peer. Server: Object containing internal DNS server IP addresses to hand out to a peer. (Optional)
CfgDHCP
Client: Object to be assigned the IP address of the internal DHCP server if provided by the peer. Server: Object containing the internal DHCP server IP address to hand out to a peer. (Optional)
CfgNBNS
Client: Object to be assigned the IP address of the internal NBNS server if provided by the peer. Server: Object containing the internal NBNS server IP address to hand out to a peer. (Optional)
CfgSubnet
Client: Object to be assigned internal IP sub-networks if provided by the peer. Server: Object containing the internal IP sub-networks to hand out to a peer. (Optional)
IKEDPDInterval
The interval at which DPD messages are sent. Specified in seconds. (Default: 90s)
IKEReauthTimeSeconds
The lifetime (in seconds) of the IKE SA before a re-authentication is needed. (Default: Disabled)
IKELifeTimeSeconds
The lifetime of the IKE connection in seconds. Whenever it expires, a new phase-1 exchange will be performed. (Default: 8h)
IPsecLifeTimeSeconds
The lifetime of the IPsec connection in seconds. Whenever it's exceeded, a re-key will be initiated, providing new IPsec encryption and authentication session keys. (Default: 1h)
LocalID
Specify the local identity of the tunnel.
RemoteID
Specify the remote identity of the tunnel.
AddRouteToRemoteNetwork
Dynamically add route to the remote networks when a tunnel is established. (Default: No)
AddRouteToCfgSubnet
Dynamically add route to additional internal IP sub-networks when a tunnel is established. (Default: No)
Metric
Specifies the metric of dynamically added routes. (Default: 90)
ProxyARPInterfaces
Specifies the interfaces on which the firewall should publish routes via Proxy ARP. (Optional)
StitchInterface
Specifies the GTP tunnel that this IPsec tunnel is stitched to. (Optional)
NumClones
Sets the configured number of clones of the IPsec interface. (Optional)
IncLocalNetwork
Increases the LocalNetwork with one for each new clone. Only valid if LocalNetwork specifies a host address. (Default: No)
IncRemoteNetwork
Increases the RemoteNetwork with one for each new clone. Only valid if RemoteNetwork specifies a host address. (Default: Yes)
IncLocalEndpoint
Increases the LocalEndpoint with one for each new clone. Only valid if LocalEndpoint specifies a host address. (Default: Yes)
IncRemoteEndpoint
Increases the RemoteEndpoint with one for each new clone. Only valid if RemoteEndpoint specifies a host address. (Default: No)
IncLocalID
Increases the LocalID with one for each new clone. Only valid if LocalID specifies an IMSI. (Default: Yes)
IncXAuthUsername
Append number to XAuth user name. Only valid if XAuth is used. (Default: Yes)
IncXAuthPassword
Append number to XAuth password. Only valid if XAuth is used. (Default: No)
IKEDSCP
Specifies the DSCP (Differentiated Services Codepoint) value to set in the IP header of IKE packets. (Default: 0)
SendMultipleTS
Whether to propose multiple traffic selectors when initiating an IKEv2 negotiation or rekey. (Default: Yes)
AutoEstablish
Keep this tunnel established regardless if any packets are sent through it. (Default: No)
LocalNetwork
The network on "this side" of the IPsec tunnel. The IPsec tunnel will be established between this network and the remote network.
RemoteNetwork
The network connected to the remote gateway. The IPsec tunnel will be established between the local network and this network.
LocalEndpoint
Specifies the IP address of the local endpoint.
RemoteEndpoint
Specifies the IP address of the remote endpoint.
CopyDSCP
Copy the DSCP (Differentiated Services Codepoint) value from the inner to the outer IP header. (Default: No)
DSCP
Specifies the DSCP (Differentiated Services Codepoint) value to set in the outer IP header. This value is ignored if copying is enabled. (Default: 0)
CopyDF
Copy the DF (Don't Fragment) value from the inner to the outer IP header. (Default: No)
DF
Specifies the DF (Don't Fragment) value of the outer IP header. This value is ignored if copying is enabled. (Default: 0)
ECN
Enable support for ECN (Explicit Congestion Notification). Allows for ECN values to be propagated from the outer to the inner IP header. Indication of congestion causes packets to be dropped for non-ECN-capable transports. (Default: No)
SourceInterface
The interface that IKE and IPsec traffic is received on. (Default: any)
OuterRoutingTable
The routing table to use for IKE and IPsec traffic. (Default: main)
MTU
Specifies the size (in bytes) of the largest packet that can be forwarded. (Default: 1500)
IPAddress
The interface's IP addresses. (Default: 0)
IP4Broadcast
The interface's IPv4 broadcast address. (Optional)
RoutingTableMembership
Interface's routing table membership. (Default: <all>)
SecurityEquivalentInterfaces
Security and transport equivalent interfaces. (Optional)
Zone
Specifies the zone that this interface is a member of. (Optional)
Comments
Text describing the current object. (Optional)
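As an added worked example (not part of this reference), the clone mechanism described by NumClones and the Inc* properties above, modelled in Python: it applies the defaults documented on this page, rejects an Inc* flag whose target property is not a host address, and lists the effective addresses and XAuth names of each clone. The exact numbering scheme (clone k uses address + k and has the digit k appended to the XAuth name) and the boolean dict representation of the properties are assumptions, not something the page states.

```python
import ipaddress

# Defaults of the clone-related properties as documented on this page.
CLONE_DEFAULTS = {"IncLocalNetwork": False, "IncRemoteNetwork": True,
                  "IncLocalEndpoint": True, "IncRemoteEndpoint": False,
                  "IncXAuthUsername": True, "IncXAuthPassword": False}
# Which property each address-incrementing flag applies to.
INC_TARGETS = {"IncLocalNetwork": "LocalNetwork", "IncRemoteNetwork": "RemoteNetwork",
               "IncLocalEndpoint": "LocalEndpoint", "IncRemoteEndpoint": "RemoteEndpoint"}
XAUTH_TARGETS = {"IncXAuthUsername": "XAuthUsername", "IncXAuthPassword": "XAuthPassword"}

def is_host(value):
    """True when value is a single host address ('10.0.0.1' or '10.0.0.1/32')."""
    try:
        return ipaddress.ip_network(value, strict=False).num_addresses == 1
    except ValueError:
        return False

def check_clone_flags(props):
    """List every Inc* flag that is set while NumClones > 0 but whose target
    property is not a host address (the page says the flag is only valid then)."""
    cfg = {**CLONE_DEFAULTS, **props}
    if int(cfg.get("NumClones", 0)) < 1:
        return []
    return [f"{flag} requires {target} to be a host address, got {cfg.get(target)!r}"
            for flag, target in INC_TARGETS.items()
            if cfg[flag] and not is_host(cfg.get(target, ""))]

def expand_clones(props):
    """Return the effective properties of the base tunnel followed by each clone.
    Assumption (not stated on the page): clone k uses address + k and has the
    number k appended to the XAuth user name/password; the base tunnel is k = 0."""
    problems = check_clone_flags(props)
    if problems:
        raise ValueError("; ".join(problems))
    cfg = {**CLONE_DEFAULTS, **props}
    tunnels = []
    for k in range(int(cfg.get("NumClones", 0)) + 1):
        t = dict(cfg)
        for flag, target in INC_TARGETS.items():
            if k and cfg[flag]:
                base = ipaddress.ip_network(cfg[target], strict=False).network_address
                t[target] = str(base + k)
        for flag, target in XAUTH_TARGETS.items():
            if k and cfg[flag] and target in cfg:
                t[target] = f"{cfg[target]}{k}"
        tunnels.append(t)
    return tunnels
```

Running check_clone_flags before committing a configuration catches the common mistake of leaving IncRemoteNetwork at its default of Yes while RemoteNetwork is a subnet rather than a host.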

3.51.1. IPPool

Description

An IP Pool is a dynamic collection of IP addresses that can be used by its host process.

Properties

IPFilter
Filter for acceptable IP addresses. (Default: all-nets)
ServerFilter
Filter for acceptable servers. (Default: all-nets)
DHCPserv
List of DHCP servers to get addresses from. (Default: 127)
Iface
Specifies which interface should be used to reach the DHCP server(s). (Default: core)
Prefetch
Specifies the number of addresses to prefetch from the DHCP server at a time. (Default: 10)
MaxFree
The maximum number of prefetched (unused) addresses to keep around. (Default: 20)
MaxClients
Maximum number of addresses in active use. (Default: 100)
Comments
Text describing the current object. (Optional)
Note
This object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type.