F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices System Management and Maintenance Command Reference-6PW100

sha1: Specifies the HMAC algorithm hmac-sha1.
sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
prefer-kex: Specifies the preferred key exchange algorithm. The default is dh-group-exchange in
non-FIPS mode, and is dh-group14 in FIPS mode.
dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.
dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.
dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
prefer-stoc-cipher: Specifies the preferred encryption algorithm from server to client. The default is
aes128.
prefer-stoc-hmac: Specifies the preferred HMAC algorithm from server to client. The default is sha1-96.
Usage guidelines
When the server uses publickey authentication to authenticate a client, the client must get the local
private key for the digital signature. In non-FIPS mode, because publickey authentication uses either the
RSA or the DSA algorithm, you must specify the public key algorithm of the client (by using the
identity-key keyword) in order to get the correct local private key.
In non-FIPS mode, the default algorithms are as follows:
The public key algorithm is dsa.
The preferred encryption algorithm from client to server is aes128.
The preferred HMAC algorithm from client to server is sha1-96.
The preferred key exchange algorithm is dh-group-exchange.
The preferred encryption algorithm from server to client is aes128.
The preferred HMAC algorithm from server to client is sha1-96.
In FIPS mode, the default algorithms are as follows:
The public key algorithm is rsa.
The preferred encryption algorithm from client to server is aes128.
The preferred HMAC algorithm from client to server is sha1-96.
The preferred key exchange algorithm is dh-group14.
The preferred encryption algorithm from server to client is aes128.
The preferred HMAC algorithm from server to client is sha1-96.
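The default resolution described above, as an added example (not HP code): it parses one sftp ipv6 command line, applies the mode's defaults to every keyword that was not given, and translates the key exchange and HMAC keywords to the algorithm names listed on this page. The prefer-ctos-cipher and prefer-ctos-hmac keyword names are assumed by analogy with the prefer-stoc-* keywords, and 2001:db8::1 is a constructed server address.

```python
# Added example, not HP code. Defaults and algorithm names come from this page;
# the prefer-ctos-* keyword names are assumed by analogy with prefer-stoc-*.
NON_FIPS = {
    "identity-key": "dsa",
    "prefer-ctos-cipher": "aes128",
    "prefer-ctos-hmac": "sha1-96",
    "prefer-kex": "dh-group-exchange",
    "prefer-stoc-cipher": "aes128",
    "prefer-stoc-hmac": "sha1-96",
}
# FIPS mode differs only in the public key and key exchange defaults.
FIPS = {**NON_FIPS, "identity-key": "rsa", "prefer-kex": "dh-group14"}

# Keyword value -> SSH algorithm name, as listed in the keyword descriptions.
WIRE_NAMES = {
    "sha1": "hmac-sha1",
    "sha1-96": "hmac-sha1-96",
    "dh-group-exchange": "diffie-hellman-group-exchange-sha1",
    "dh-group1": "diffie-hellman-group1-sha1",
    "dh-group14": "diffie-hellman-group14-sha1",
}

def resolve(command, fips=False):
    """Return the effective setting for every keyword of one sftp ipv6 call."""
    tokens = command.split()
    if tokens[:2] != ["sftp", "ipv6"]:
        raise ValueError("not an sftp ipv6 command")
    effective = dict(FIPS if fips else NON_FIPS)
    seen = set()
    i = 2
    while i < len(tokens):
        keyword = tokens[i]
        if keyword not in effective:
            i += 1          # server address or an option not modelled here
            continue
        if keyword in seen or i + 1 >= len(tokens):
            raise ValueError(f"bad use of {keyword}")
        seen.add(keyword)
        effective[keyword] = tokens[i + 1]
        i += 2
    # Cipher and key-type values have no longer name on this page; keep as is.
    return {k: WIRE_NAMES.get(v, v) for k, v in effective.items()}

if __name__ == "__main__":
    cmd = "sftp ipv6 2001:db8::1 prefer-kex dh-group14 prefer-stoc-hmac sha1"  # constructed
    for mode in (False, True):
        print("FIPS" if mode else "non-FIPS", resolve(cmd, fips=mode))
```

Comparing the resolved names with the algorithm list a server offers shows which combination a given command line will actually negotiate in each mode.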
The following matrix shows the compatibility of the sftp ipv6 command with firewalls and UTM devices:
Hardware Command compatible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 Yes
Firewall module Yes
U200-A Yes
U200-S No