Setting the PRF in a custom encryption profile
In VPN IKEv2 topologies, the PRF (Pseudo-random Function) is an algorithm that is negotiated during phase 1 (IKE phase) of the IPsec tunnel.
It is supported on SNS firewalls from version 4.2.3 onwards. For lower versions, the value of the PRF is not deployed.
SMC offers default encryption profiles that cannot be edited. You can create your own encryption profiles if you wish to customize the fields.
NOTE
To ensure compatibility with “Diffusion Restreinte” (DR) mode, the PRF of an IKEv2 encryption profile must be set to SHA256. For more information on DR mode, refer to Using “Diffusion Restreinte” mode on SNS firewalls.
To create an encryption profile and configure the PRF:
- In Configuration > Encryption profiles, click on Create an encryption profile.
- Enter a name and description if necessary.
- In the IKE tab, indicate the algorithm that must be negotiated as a PRF (Pseudo-random function field).
- Fill in the other fields. For information on the fields, refer to the SNS User guide.
- Click on Create.
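To show what the PRF selected in the IKE tab is used for once negotiated, the following added example (not part of the SMC documentation or Stormshield code) derives the IKE SA keys as specified in RFC 7296, sections 2.13 and 2.14. The nonces, Diffie-Hellman secret, SPIs, the 32-byte integrity and encryption key lengths, and the PRF names in the table are constructed assumptions.

```python
import hashlib
import hmac

# PRF name -> hash used in HMAC (names are illustrative, not SMC field values)
PRFS = {"SHA256": hashlib.sha256, "SHA384": hashlib.sha384, "SHA512": hashlib.sha512}

def prf(name, key, data):
    """prf(K, S): HMAC keyed with K over S, using the negotiated hash."""
    return hmac.new(key, data, PRFS[name]).digest()

def prf_plus(name, key, seed, length):
    """prf+(K, S) = T1 | T2 | ..., T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("prf+ cannot produce more than 255 blocks")
        block = prf(name, key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]

def derive_ike_keys(name, ni, nr, dh_secret, spi_i, spi_r, integ_len=32, encr_len=32):
    """SKEYSEED = prf(Ni | Nr, g^ir), then prf+ expands it into the seven SK_* keys."""
    skeyseed = prf(name, ni + nr, dh_secret)
    prf_len = PRFS[name]().digest_size  # SK_d, SK_pi, SK_pr use the PRF key size
    sizes = [("SK_d", prf_len), ("SK_ai", integ_len), ("SK_ar", integ_len),
             ("SK_ei", encr_len), ("SK_er", encr_len),
             ("SK_pi", prf_len), ("SK_pr", prf_len)]
    stream = prf_plus(name, skeyseed, ni + nr + spi_i + spi_r,
                      sum(size for _, size in sizes))
    keys, offset = {}, 0
    for label, size in sizes:
        keys[label] = stream[offset:offset + size]
        offset += size
    return keys

# Constructed sample values, not taken from a real exchange
NI, NR = bytes(range(32)), bytes(range(32, 64))
DH_SECRET = bytes([0xAB]) * 32
SPI_I, SPI_R = bytes([0x11]) * 8, bytes([0x22]) * 8

if __name__ == "__main__":
    for label, key in derive_ike_keys("SHA256", NI, NR, DH_SECRET, SPI_I, SPI_R).items():
        print(f"{label}: {key.hex()}")
```

Every key of the IKE SA, and the SK_d value from which the phase 2 keys are later derived, comes out of this function, which is why both peers must agree on the same PRF.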