Bridge GUI Guide: Security Configuration
or

If you want to manually enter a 16-digit or a 32-digit hexadecimal Access ID of your own composition (64 or 128 bits): in New Access ID and Confirm Access ID, enter the 16- or 32-digit hexadecimal Access ID to be used by the Bridge and its Secure Clients.

Record the Access ID in a safe place. Once you have left the screen on which it was initially established, the Access ID can never again be displayed.
3. Click APPLY in the upper right of the screen (or RESET screen settings to cancel your changes).
4.2 Internet Protocol Security
NOTE: Fortress’s IPsec function is not yet supported on IPv6 networks.
Fortress Bridges can be configured to secure private
communications over public networks by implementing the
IPsec protocol suite developed by the IETF (Internet
Engineering Task Force) to protect data at the Network Layer
(Layer 3) of the OSI model.
Fortress’s IPsec implementation uses:

- ISAKMP (Internet Security Association and Key Management Protocol) as defined in RFC 2408
- IKEv2 (Internet Key Exchange version 2) as defined in RFC 4306
- IPsec Tunnel Mode using ESP (Encapsulating Security Payload) as defined in RFC 4303
- Strong standards-based cryptographic algorithm suites, including:
  - NSA (National Security Agency) Suite B [6]: AES-128-GCM, 16B ICV [7]; AES-256-GCM, 16B ICV
  - Legacy AES-128-CBC (Cipher Block Chaining)

NOTE: Fortress devices do not initiate IKE v1 transactions, but will accept IKE v1 connections from legacy devices.
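As an added example (not Fortress code and not taken from the guide), the following Go program models the AES-GCM ESP transform of RFC 4106 to show what "16B ICV" means in practice: the integrity check value is the 16-byte (128-bit) GCM tag appended to each packet, and flipping a single ciphertext bit makes the receiver reject the packet. The key, salt, SPI and payload are constructed sample values; the packet layout (SPI, sequence number, IV, ciphertext, ICV) follows ESP, but SA lookup and replay checking are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// icvLen is the guide's "16B ICV": the GCM authentication tag, 16 bytes (128 bits).
const icvLen = 16

// espGCM models the AES-GCM ESP transform of RFC 4106. A 4-byte salt fixed for
// the life of the SA plus an 8-byte per-packet IV form the 12-byte GCM nonce;
// the ESP header (SPI and sequence number) is authenticated but not encrypted.
// Illustrative model only, not the Bridge's implementation.
type espGCM struct {
	aead cipher.AEAD
	salt [4]byte
	spi  uint32
	seq  uint32
}

// newESPGCM accepts a 16-byte key (AES-128-GCM) or a 32-byte key (AES-256-GCM),
// the two Suite B options listed in the guide.
func newESPGCM(key []byte, salt [4]byte, spi uint32) (*espGCM, error) {
	if len(key) != 16 && len(key) != 32 {
		return nil, errors.New("key must be 16 or 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCMWithTagSize(block, icvLen)
	if err != nil {
		return nil, err
	}
	return &espGCM{aead: aead, salt: salt, spi: spi}, nil
}

// seal produces SPI || seq || IV || ciphertext || ICV, the ESP packet layout.
func (e *espGCM) seal(payload []byte) ([]byte, error) {
	e.seq++
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint32(hdr[0:4], e.spi)
	binary.BigEndian.PutUint32(hdr[4:8], e.seq)
	iv := make([]byte, 8) // fresh per packet; reuse under one key breaks GCM
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	nonce := append(e.salt[:], iv...) // salt(4) || IV(8) = 12-byte GCM nonce
	ct := e.aead.Seal(nil, nonce, payload, hdr)
	return append(append(hdr, iv...), ct...), nil
}

// open verifies the ICV over header and ciphertext, then decrypts.
func (e *espGCM) open(pkt []byte) ([]byte, error) {
	if len(pkt) < 16+icvLen {
		return nil, errors.New("packet too short")
	}
	hdr, iv, ct := pkt[:8], pkt[8:16], pkt[16:]
	if binary.BigEndian.Uint32(hdr[:4]) != e.spi {
		return nil, errors.New("SPI does not select this SA")
	}
	nonce := append(e.salt[:], iv...)
	return e.aead.Open(nil, nonce, ct, hdr)
}

// demo encrypts a sample payload under a constructed AES-128 key, measures the
// ICV overhead, then flips one ciphertext bit to show the receiver rejects it.
func demo() (icvBytes int, tamperDetected bool, err error) {
	key := []byte("0123456789abcdef") // constructed 16-byte test key, never use in practice
	salt := [4]byte{0xde, 0xad, 0xbe, 0xef}
	tx, err := newESPGCM(key, salt, 0x1000)
	if err != nil {
		return 0, false, err
	}
	rx, err := newESPGCM(key, salt, 0x1000)
	if err != nil {
		return 0, false, err
	}
	payload := []byte("inner IP packet (constructed sample)")
	pkt, err := tx.seal(payload)
	if err != nil {
		return 0, false, err
	}
	icvBytes = len(pkt) - 16 - len(payload) // subtract SPI, seq and IV

	pt, err := rx.open(pkt)
	if err != nil || string(pt) != string(payload) {
		return icvBytes, false, errors.New("round trip failed")
	}
	pkt[20] ^= 0x01 // one ciphertext bit flipped in transit
	_, err = rx.open(pkt)
	return icvBytes, err != nil, nil
}

func main() {
	icv, tampered, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("ICV overhead: %d bytes (%d bits); tampered packet rejected: %v\n", icv, icv*8, tampered)
}
```

Passing a 32-byte key selects AES-256-GCM with the same code path. GCM authenticates and encrypts in one pass; the Legacy AES-128-CBC suite encrypts only and must be paired with a separate ESP integrity algorithm.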
In IPsec Phase 1, ISAKMP is used to authenticate the initial Security Association (SA), by digital signature or pre-shared key, and to encrypt the control channel over which IKE messages are exchanged. The Phase 1 IKE SA then protects negotiation of the Phase 2 IPsec SAs over which network traffic is sent and received under the ESP protocol, using the specified encryption suite(s). (Phase 1 and Phase 2 are IKEv1 terms; the corresponding IKEv2 exchanges are IKE_SA_INIT/IKE_AUTH and CREATE_CHILD_SA.)
How IPsec is applied to traffic on the Bridge is determined by the Security Policy Database (SPD) entries, configured per interface, each of which applies a specified action to the traffic selected by its source and destination subnets.
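To make the SPD selection concrete, here is an added Go example (not Fortress code; the guide does not describe the Bridge's matching order or its handling of unmatched traffic, so first-match ordering and a default DISCARD, which is RFC 4301's default, are this example's assumptions). It matches packets against per-interface entries keyed by source and destination subnet, and includes a check for entries that an earlier, broader entry on the same interface shadows, which is how a narrow BYPASS placed after a broad PROTECT silently never takes effect. Interface names and addresses are constructed sample data.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Action is what an SPD entry does to the traffic it selects.
type Action int

const (
	Discard Action = iota // drop
	Bypass                // forward without IPsec
	Protect               // apply ESP (tunnel mode) via the matching SA
)

func (a Action) String() string { return [...]string{"DISCARD", "BYPASS", "PROTECT"}[a] }

// SPDEntry is one policy, bound to one interface, selecting traffic by
// source and destination subnet.
type SPDEntry struct {
	Iface  string
	Src    netip.Prefix
	Dst    netip.Prefix
	Action Action
}

// Packet carries the fields the SPD selects on.
type Packet struct {
	Iface    string
	Src, Dst netip.Addr
}

// mustPkt builds a Packet from literals (panics on bad input; sample data only).
func mustPkt(iface, src, dst string) Packet {
	return Packet{iface, netip.MustParseAddr(src), netip.MustParseAddr(dst)}
}

// lookup returns the action and index of the first entry on the packet's
// interface whose selectors cover it. Traffic matching no entry is DISCARDed
// (RFC 4301's default; assumed here, not stated in the guide).
func lookup(spd []SPDEntry, p Packet) (Action, int) {
	for i, e := range spd {
		if e.Iface == p.Iface && e.Src.Contains(p.Src) && e.Dst.Contains(p.Dst) {
			return e.Action, i
		}
	}
	return Discard, -1
}

// covers reports whether prefix a contains every address of prefix b.
func covers(a, b netip.Prefix) bool {
	return a.Bits() <= b.Bits() && a.Contains(b.Masked().Addr())
}

// shadowed lists entries that can never match because an earlier entry on the
// same interface covers both of their selectors.
func shadowed(spd []SPDEntry) []int {
	var out []int
	for j := range spd {
		for i := 0; i < j; i++ {
			if spd[i].Iface == spd[j].Iface && covers(spd[i].Src, spd[j].Src) && covers(spd[i].Dst, spd[j].Dst) {
				out = append(out, j)
				break
			}
		}
	}
	return out
}

// samplePolicy is a constructed policy for a site-to-site gateway with an
// outside (wan0) and an inside (lan0) interface.
func samplePolicy() []SPDEntry {
	mp := netip.MustParsePrefix
	return []SPDEntry{
		{"wan0", mp("10.1.0.0/16"), mp("10.2.0.0/16"), Protect},   // 0: tunnel to the remote site
		{"wan0", mp("10.1.0.0/16"), mp("10.2.255.0/24"), Bypass},  // 1: meant to go in the clear, but shadowed by 0
		{"wan0", mp("10.1.0.0/16"), mp("203.0.113.0/24"), Bypass}, // 2: clear text to a public service block
		{"lan0", mp("10.1.0.0/16"), mp("10.1.0.0/16"), Bypass},    // 3: local traffic on the inside interface
	}
}

func main() {
	spd := samplePolicy()
	for _, p := range []Packet{
		mustPkt("wan0", "10.1.5.5", "10.2.8.8"),
		mustPkt("wan0", "10.1.5.5", "10.2.255.7"),
		mustPkt("wan0", "10.1.5.5", "198.51.100.1"),
	} {
		a, i := lookup(spd, p)
		fmt.Printf("%s %s -> %s: %s (entry %d)\n", p.Iface, p.Src, p.Dst, a, i)
	}
	fmt.Println("shadowed entries:", shadowed(spd))
}
```

Running shadowed() over a policy before applying it catches the ordering mistake that lookup() would otherwise hide: the packet to 10.2.255.7 is encrypted by entry 0 and the BYPASS at entry 1 is never consulted.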
Once the function is enabled and configured, the Bridge
functions as an IPsec gateway for the locally connected
6. Refer to Footnote 1 on page 2.
7. Advanced Encryption Standard-Galois/Counter Mode, 16-byte (128-bit) integrity check value