Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 1986 views
  • Users 0 members are here
Options
Suggested

when will IKEv2 come for remote access?

LHerzog

When will SFOS support IKEv2 for Remote Access?

I was expecting a technical problem when I tried to enable IPSec RA and it did not allow me to select the default profile. I could not believe, this is not supported on a modern firewall.

    posted this a year ago:

NC-14133, SFSW-I-1119

in  IKEv2 



Added TAGs
[edited by: Raphael Alganes at 10:44 AM (GMT -8) on 6 Dec 2024]
Parents Reply
  • 0 in reply to PhilippRusch

    Just to be sure, i am not arguing whether IKEv2 would be helpful or useful, i am always mindful about statements like "It is required by institutes".

    The Above part is linking to an RFC Draft. It also indirectly state, you should use IKEv2 instead of IKEv1, but from what i see, this is a federal US enforcement, it does not directly prohibit IKEv1 from being used - Same for NIST certification, which would recommend using IKEv2 - But not breaking your certification, if you use IKEv1. 

    Again i am not based in US and cannot go through all documents - Stating only IKEv2 is not a prohibit of IKEv1. 

    It is always about: Do you break some kind of certification or compliance checks, by using IKEv1 - And even on most installations, i am seeing today, customers use Site to Site with IKEv1 - As peers only support IKEv1. (Even as SFOS support IKEv2 on Site-to-Site).

    Personally i think, IKEv1 as a technology will follow us all some more time - Especially as it is not considered as breached nor insecure. 

    __________________________________________________________________________________________________________________

Children
No Data
Unfiltered HTML