Firewall IPsec
  • 13 May 2022
  • 1 Minute to read
  • Dark
    Light
  • PDF

Firewall IPsec

  • Dark
    Light
  • PDF

What's inside

A quick overview of how you can apply IPsec practices within your Xelon HQ Firewall Service.

IPsec is a security practice that allows you to safeguard the network connection and data by encrypting the IP packets. Within the platform, you can add encryption and authentication for one or multiple connections for public and shared networks.

Get started with IPsec

To set up IPsec, you should configure two connection sides with the same settings:

  1. Xelon HQ side can be configured on the interface wizard you see below. Most settings are predefined, but you can adjust them according to your needs
  2. The remote side needs to be configured with the same encryption settings.

Encrypted connection settings include these fields:

Phase 1

phase1.png

  • Remote Gateway – public IP to connect to
  • Mode – can be Tunnel or Transport

Modes

Tunnel Transport
Encryption The whole IP packet Payload only
IP packet New IP packet with new IP header No changes in the IP header, IP header not encrypted
Communication Network-to-network, host-to-network, host-to-host Host-to-host
  • Encryption – the encryption algorithm (AES 256bit / AES 128bit)
  • Hash algorithm – the algorithm which transforms the payload into a string format (SHA1 / SHA256 / SHA384 / SHA512)
  • DH group – an algorithm for key exchange (Security IKE algorithms)
  • Pre-Shared key – a public key for IPsec tunnel establishment
  • DH Lifetime – a period of DH group value life

Phase 2

phase2.png

  • Local Network – a network of Xelon HQ instance
  • Remote LAN Network – a LAN network to connect to
  • Encryption – a second encryption algorithm (AES 256bit / AES 128bit)
  • Hash algorithm – the algorithm with which payload will be transformed into a string format (SHA1 / SHA256 / SHA384 / SHA512)
  • PFS group – an algorithm that ensures the keys are dynamic and the same key won’t be used twice. It also protects your data if the private key was exposed.
  • PFS Lifetime – a period of PFS group value life

Need some assistance?

For questions regarding the Firewall IPsec Service, drop us a line at contact@xelon.ch.


Was this article helpful?