[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] IKE and IPSEC regeneration key period
Title: RE: [FW1] IKE and IPSEC regeneration key period
What do you mean by IPSEC period? Which key are you referring to? Do you mean the session key?
-----Original Message-----
From: Jason Costomiris [mailto:[email protected]]
Sent: Monday, March 19, 2001 8:45 PM
To: Arie Gilboa
Cc: '[email protected]'
Subject: Re: [FW1] IKE and IPSEC regeneration key period
On Mon, Mar 19, 2001 at 10:40:15AM +0200, Arie Gilboa wrote:
: The default values for IKE and IPSEC re-generation key period, in FW1, seem
: to me too long.
: I would like to reduce, IPSEC period to 15 Minutes. Is there any problem
: with doing it ?.
: Any recommendation ?.
I agree. THe default key lengths can be a bit long, particularly the IKE
default (86400 seconds). I usually use the seemingly more "standard"
(i.e. widely used) values of 28800 seconds for IKE (8 hours) and 3600
seconds (1 hour) for IPSec...
--
Jason Costomiris <>< | Technologist, geek, human.
jcostom {at} jasons {dot} org | http://www.jasons.org/
Quidquid latine dictum sit, altum viditur.
My account, My opinions.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================