- Foundry Router User Guide

Security Features
June 2004 © 2004 Foundry Networks, Inc. 15 - 63
IPSec Defaults
Table 15.6 lists IPSec defaults. When the user creates an IPSec policy and provides the match address, an IPSec
proposal with priority 1 is automatically created. When an outbound policy is specified, an inbound policy is
automatically created.
Firewall Default Values
This section provides information about firewall default values. Each security zone can have a maximum of 1024
policies ranging from 1 to 1024. The maximum number of security zones supported is 25.
Table 15.6: IPSec Default Values

| Parameter Name | Foundry Default Value: Site to Site and Remote Access |
|---|---|
| Key management type | Automatic |
| Hash algorithm | SHA1 |
| Encryption algorithm | 3DES |
| Protocol | ESP |
| Mode | Tunnel |
| Lifetime in seconds | 3600 seconds |
| Lifetime in kilobytes | 4608000 |
| Direction | Out |
| Position in SPD where policy added | End |
| Perfect forward secrecy | Disabled |

Table 15.7: Firewall Default Policies by Security Zone

| Security Zone | Incoming Firewall Policy for Transit Traffic | Outgoing Firewall Policy for Transit Traffic | Incoming Firewall Policy for Self Traffic | Outgoing Firewall Policy for Self Traffic |
|---|---|---|---|---|
| Corp | Deny All (Implicit) | Permit All (Priority 1024) | Permit All (Priority 1022) | Permit All (Priority 1023) |
| User Created Security Zone | Deny All | Permit All (Priority 1024) | Permit All (Priority 1022) | Permit All (Priority 1023) |
| Internet | N/A | N/A | Deny All | Permit All (Priority 1024) |

Table 15.8: Firewall per policy defaults

| Policy Parameter | Default Value |
|---|---|
| Priority | No Default |