Setting the PRF for an encryption profile

In VPN IKEv2 topologies, the PRF (Pseudo-random Function) is an algorithm that is negotiated during phase 1 (IKE phase) of the IPsec tunnel.

It is supported on SNS firewalls in version 4.2.3 and higher. On firewalls running lower versions, the PRF value is not deployed.

This algorithm can be modified for each encryption profile defined in Configuration > Encryption profiles:

  1. Double-click on the profile you want to edit.
  2. In the IKE tab of the selected profile, indicate the algorithm that must be negotiated as a PRF (Pseudo-random function field).
  3. Click on Apply to confirm the changes.

To ensure compatibility with “Diffusion Restreinte (DR)” mode, the PRF of an IKEv2 encryption profile must be set to SHA256. For more information on DR mode, refer to Using “Diffusion Restreinte” mode on SNS firewalls.