Network Security Management Administration Guide

Global Settings

This screen displays all the settings that can be changed for the VPN Topology. The settings are grouped into the sections described below.

  • GLOBAL SETTINGS
    • Enable VPN - Toggle the button to enable or disable VPN.
    • Enable Fragmented Packet Handling - Toggle the button to enable or disable the breaking of packets into fragments.
    • Ignore DF (Don't Fragment) bit - Toggle the button to enable or disable ignoring the Don't Fragment (DF) bit in packets.
  • DEAD PEER DETECTION
    • Enable VPN - Toggle the button to enable or disable VPN.
    • Dead Peer Detection Interval - Enter the timeout interval (in seconds) to detect a dead Internet Key Exchange (IKE) peer. This is the number of seconds between “heartbeats.” The minimum is 3 seconds, the maximum is 120 seconds, and the default value is 60 seconds.
    • Failure trigger level (Missed heartbeats) - Enter the number of missed heartbeats. The minimum is 3 heartbeats, the maximum is 10, and the default value is 3. If the trigger level is reached, the VPN connection is dropped by the security appliance.
    • Enable IKE dead peer detection on idle VPN settings - Select this setting if you want idle VPN connections to be dropped by the security appliance after the time value defined in the Dead Peer Detection Interval for Idle VPN Sessions (seconds) field. The minimum time is 60 seconds, the maximum is 3600 seconds, and the default value is 600 seconds (10 minutes).
  • IKEV2 SETTINGS
    • Send IKEv2 cookie notify - Sends cookies to IKEv2 peers as an authentication tool.

    • Send IKEv2 SPI notify - Sends an invalid Security Parameter Index (SPI) notification to IKEv2 peers when an active IKE security association (SA) exists.

    • IKEv2 dynamic client proposal - SonicOS provides IKEv2 Dynamic Client Support, which provides a way to configure the Internet Key Exchange (IKE) attributes rather than using the default settings.

      Clicking the Configure button launches the Configure IKEv2 Dynamic Client Proposal dialog.

      • DH Group: Group 1, Group 2,..., 256-bit Random ECP Group, 384-bit Random ECP Group, 521-bit Random ECP Group, 192-bit Random ECP Group, 224-bit Random ECP Group.
      • Encryption: DES, 3DES (default), AES-128, AES-192, AES-256.
      • Authentication: MD5, SHA1 (default), SHA256, SHA384, or SHA512.
  • OTHER SETTINGS
    • Clean up Active Tunnels when Peer Gateway DNS name resolves to a different IP address: Tears down SAs associated with old IP addresses and reconnects to the peer gateway.

    • Send tunnel traps only when IPV4 changes: Reduces the number of VPN tunnel traps that are sent by only sending traps when the tunnel status changes.

    • Use RADIUS in: When using RADIUS to authenticate VPN client users, RADIUS will be used in its MSCHAP (or MSCHAPv2) mode. The primary reason to do this is so that VPN client users can use the MSCHAP feature that lets them change expired passwords at login time.
    • MSCHAP and MSCHAPv2: Click the radio button to select the mode. Click Configure to view additional settings.

      • DNS Servers - Selecting this option automatically populates the DNS and WINS settings. This option is selected by default.
      • Specify Manually - If you do not want to use the SonicWall security appliance network settings, select Specify Manually, and type the IP address of your DNS Server in the DNS Server 1 field. You can specify two additional DNS servers.
      • WINS Server - Configure a WINS server in the WINS Server 1 field. You can also configure a second WINS server.
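
An added example, not part of the SonicWall guide: a Python check of a settings snapshot against the ranges and option lists documented above, which also estimates how long a dead peer goes undetected. The dictionary keys are hypothetical (the guide defines no export format), and the set of deprecated algorithms reflects general cryptographic guidance rather than this page.

```python
# Added example: audit a VPN Global Settings snapshot. Key names are hypothetical.

DPD_RANGES = {                      # (min, max, default) as stated on this page
    "dpd_interval_s": (3, 120, 60),
    "dpd_missed_heartbeats": (3, 10, 3),
    "dpd_idle_interval_s": (60, 3600, 600),
}
# Proposal defaults as marked "(default)" on this page; no DH default is given.
PROPOSAL_DEFAULTS = {"encryption": "3DES", "authentication": "SHA1"}
# Deprecated choices per general cryptographic guidance (assumption, not from the page).
WEAK = {
    "dh_group": {"Group 1", "Group 2"},
    "encryption": {"DES", "3DES"},
    "authentication": {"MD5", "SHA1"},
}


def audit(settings):
    """Return a list of findings for one settings snapshot."""
    findings = []
    for key, (lo, hi, default) in DPD_RANGES.items():
        value = settings.get(key, default)
        if not lo <= value <= hi:
            findings.append(f"{key}={value} outside documented range {lo}-{hi}")
    # Unset proposal fields fall back to the documented defaults.
    proposal = {**PROPOSAL_DEFAULTS,
                **settings.get("ikev2_dynamic_client_proposal", {})}
    for field, weak_values in WEAK.items():
        if proposal.get(field) in weak_values:
            findings.append(f"{field}={proposal[field]} is a deprecated algorithm")
    return findings


def detection_window_s(settings):
    """Approximate seconds before a dead peer is dropped: interval x misses."""
    interval = settings.get("dpd_interval_s", DPD_RANGES["dpd_interval_s"][2])
    misses = settings.get("dpd_missed_heartbeats",
                          DPD_RANGES["dpd_missed_heartbeats"][2])
    return interval * misses


# Constructed sample: one out-of-range value and a weak DH group.
SAMPLE = {
    "dpd_interval_s": 60,
    "dpd_missed_heartbeats": 12,
    "ikev2_dynamic_client_proposal": {"dh_group": "Group 2", "encryption": "AES-256"},
}

if __name__ == "__main__":
    print(audit(SAMPLE), detection_window_s(SAMPLE))
```

With every field left at the documented defaults, the audit still reports 3DES and SHA1, and the detection window is 180 seconds.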