Obtaining storage life cycle notices

2

For the information about life cycle notices for storage products, visit Life Cycle Notices.

Other related questions:
Time at which the USG9000 clears an IPSec SA
Both IKE SAs and IPSec SAs have lifetimes. SA lifetimes include hard lifetime and soft lifetime. The soft lifetime is about 9/10 of the hard lifetime. When the IKE SA soft lifetime expires, a new IKE SA is negotiated to replace the original IKE SA. When the hard lifetime of the original IKE SA expires, the original IKE SA is deleted, regardless of whether the replacement IKE SA is established. If the IPSec SA is established, the IPSec SA is also deleted.

Method used to configure the life cycle of the IPSec security association on USG firewalls
You can configure the lifetime of the IPSec security association on USG firewalls as follows: Configure the lifetime for the IPSec VPN security association (SA). 1. Configure the IKE SA hard lifetime. Configure the IKE SA lifetime. You can modify the per-SA lifetime instead of global lifetime. system-view //Enter the system view. ike proposal proposal-number, //Enter the IKE security proposal view. sa duration seconds, //Configure the IKE SA hard lifetime. Pay attention to the following aspects when configuring the IKE SA lifetime: a) If the hard lifetime is expired, the SA is automatically updated. The IKE negotiation needs to perform the DH calculation that consumes a long period of time. It is recommended that the lifetime be longer than 600s, to protect the security communication from being affected by the SA update. b) Before the lifetime (soft lifetime) expires, the SA negotiates with another SA to replace the old SA. Before the new SA negotiation is complete, the old SA is used. After the new SA is established, the new SA immediately takes effect, and the old SA is automatically cleared upon lifetime expiration. By default, the hard lifetime of the IKE SA is 86400s (1 day). 2. Configure the IKE SA soft lifetime. system-view //Enter the system view. ike peer peer-name //Enter the IKE Peer view. sa soft-duration time-based buffer seconds //Configure the soft lifetime of the IKE SA. This configuration is valid only to the IKEv1 protocol. a) By default, the soft lifetime is 9/10 of the hard lifetime. That is, a new SA, used to replace the old SA, is negotiated at the 9/10 length of the SA lifetime. b) After the soft lifetime is configured, if the difference between the hard lifetime and the soft lifetime is longer than 10s, the difference is used as the soft lifetime. Otherwise, the default value (9/10 of the hard lifetime) is used as the soft lifetime. display ike proposal //View the hard lifetime of the IKE SA. [USG] display ike proposal priority authentication authentication encryption Diffie-Hellman duration method algorithm algorithm group (seconds) --- 10 PRE_SHARED MD5 DES_CBC MODP_768 5000 default PRE_SHARED SHA1 AES_CBC MODP_1024 86400 display ike peer [ brief | name peer-name ] //View the soft lifetime of the IKE SA. [USG] display ike peer name b -- IKE peer: b Exchange mode: main on phase 1 Pre-shared key: %$%$biLQ*117FHI`Qe&-VY`>l%yp%$%$ Local certificate file name: Proposal: 10 Local ID type: IP Peer IP address: 202.38.169.1 VPN instance: Authentic IP address: IP address pool: Peer name: Peer domain name: VPN instance bound to the SA: NAT traversal: enable SA soft timeout buffer time: 22 seconds OCSP check: disable OCSP server URL: Applied to 1 policy: ppp1-1-isakmp

Configuring SSL VPN parameters for the USG
Configure SSL parameters. Configure the SSL version supported by the USG, encryption suite, session timeout duration, and life cycle. You can retain the default values. Procedure: system-view v-gateway v-gateway-name //Access the virtual gateway view. basic, //Access the basic virtual gateway view. ssl version { sslv30+tlsv10 | tlsv10 } //Configure the SSL version supported by the USG. By default, the USG supports SSL3.9 and TLS1.0. ssl ciphersuit { allciphersuit | custom { aes256-sha | non-aes256-sha } { des-cbc3-sha | non-des-cbc3-sha } { rc4-sha | non-rc4-sha } { rc4-md5 | non-rc4-md5 } { aes128-sha | non-aes128-sha } { des-cbc-sha | non-des-cbc-sha } } //Configure the SSL encryption suite. ssl timeout time //Configure the SSL session timeout duration. ssl lifecycle { time | no-time-limit } //Configure the SSL life cycle. ssl session-reuse enable //Enable the SSL session reuse function. Follow-up processing display ssl //View SSL configuration.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top