ICMPSendPerSecLimit
Maximum number of ICMP responses that will be sent each
second. (Default: 500)
SilentlyDropStateICMPErrors
Silently drop ICMP errors regarding statefully tracked open
connections. (Default: Yes)
Note
This object type does not have an identifier and is identified by the name of the type
only. There can only be one instance of this type.
3.55.10. IPsecTunnelSettings
Description
Settings for the IPsec tunnel interfaces used for establishing IPsec VPN connections to and from this
system.
Properties
IPsecMaxTunnels
Number of IPsec tunnels allowed (0 = automatic). (Default:
0)
IPsecMaxRules
Number of IPsec rules allowed (0 = automatic). (Default: 0)
IKESendInitialContact
Send 'initial contact' messages. (Default: Yes)
IKESendCRLs
Send CRLs in the IKE exchange. (Default: Yes)
IKECRLValidityTime
Maximum number of seconds a CRL is considered valid
(0=obey the 'next update' field in the CRL). (Default: 86400)
IKEMaxCAPath
Maximum number of CA certificates in a certificate path.
(Default: 15)
IPsecCertCacheMaxCerts
Maximum number of entries in the certificate cache. (Default:
1024)
IPsecBeforeRules
Pass IKE & IPsec (ESP/AH) traffic sent to the security gateway
directly to the IPsec engine without consulting the ruleset.
(Default: Yes)
IPsecGWNameCacheTime
Amount of time to keep an IPsec tunnel open when the remote
DNS name fails to resolve. (Default: 14400)
DPDMetric
Length of time, in tens of seconds, with no traffic or other
evidence of life in the tunnel before the SA is removed. (Default: 3)
DPDKeepTime
Length of time, in tens of seconds, that an SA will remain in the
dead cache after a delete. DPD will not trigger if the peer is
already cached as dead. (Default: 2)
DPDExpireTime
Number of seconds that DPD-R-U-THERE messages will be
sent. (Default: 15)
IPsecHardwareAcceleration
IPsec hardware acceleration. (Default: Inline)
IPsecDisablePKAccel
Disable hardware acceleration for public-key operations.
Chapter 3. Configuration Reference