- 13 May 2022
- 1 Minute to read
- Updated on 13 May 2022
- 1 Minute to read
A quick overview of how you can apply IPsec practices within your Xelon HQ Firewall Service.
IPsec is a security practice that allows you to safeguard the network connection and data by encrypting the IP packets. Within the platform, you can add encryption and authentication for one or multiple connections for public and shared networks.
Get started with IPsec
To set up IPsec, you should configure two connection sides with the same settings:
- Xelon HQ side can be configured on the interface wizard you see below. Most settings are predefined, but you can adjust them according to your needs
- The remote side needs to be configured with the same encryption settings.
Encrypted connection settings include these fields:
- Remote Gateway – public IP to connect to
- Mode – can be Tunnel or Transport
|Encryption||The whole IP packet||Payload only|
|IP packet||New IP packet with new IP header||No changes in the IP header, IP header not encrypted|
|Communication||Network-to-network, host-to-network, host-to-host||Host-to-host|
- Encryption – the encryption algorithm (AES 256bit / AES 128bit)
- Hash algorithm – the algorithm which transforms the payload into a string format (SHA1 / SHA256 / SHA384 / SHA512)
- DH group – an algorithm for key exchange (Security IKE algorithms)
- Pre-Shared key – a public key for IPsec tunnel establishment
- DH Lifetime – a period of DH group value life
- Local Network – a network of Xelon HQ instance
- Remote LAN Network – a LAN network to connect to
- Encryption – a second encryption algorithm (AES 256bit / AES 128bit)
- Hash algorithm – the algorithm with which payload will be transformed into a string format (SHA1 / SHA256 / SHA384 / SHA512)
- PFS group – an algorithm that ensures the keys are dynamic and the same key won’t be used twice. It also protects your data if the private key was exposed.
- PFS Lifetime – a period of PFS group value life
For questions regarding the Firewall IPsec Service, drop us a line at email@example.com.