According to the help file within the Sophos UTM 220, acceptable values for SA Lifetime are:
IKE
Valid values are between 60 sec and 28800 sec (8 hrs). The default value is 7800 seconds.
IPSec
Valid values are between 60 sec and 86400 sec (1 day). The default value is 3600 seconds.
From everything I gathered, the Lifetime for IKE (Phase 1) should ALWAYS be greater than the Lifetime for IPSec.
If that is true, why does the help file indicate IPSec has a valid range to 86400 and IKE a valid range to only 28800?
Is it simply that the help file is BACKWARDS?
Other products indicate a preferred value of IKE (Phase1) Lifetime of 86400.
On most of my VPN connections (more than 100) I am using a value of 28800 for Phase1 (IKE) and 86400 for Phase2 (IPSec).
Apparently I have been doing this wrong.
Phase2 should be less than Phase1, so I should flip the values and disregard the help file.
Is Phase1 (IKE) of 86400 and Phase2 (IPSec) of 28800 an OK setting?
The defaults of 7800 and 3600 seem too short to me.
Thanks