“Identification” tab

Approved certificate authorities

This table lists the certificate authorities used to identify your peers within the IPSec VPN module.

Add

When you click on this button, a window will open showing the CAs and sub-CAs that you have created earlier.

Select the authorities that will enable you to check the identities of your peers, by clicking on Select. The CA or sub-CA selected will be added to the table.

Delete

Select the CA to be removed from the list and click on Delete.

CA

Below this field, the added and approved certificate authorities will be displayed.

Mobile tunnels: pre-shared keys

If you have created a mobile peer using the Pre-shared key (PSK) authentication method, this table will already be populated.

Each key was defined by assigning it an ID and a value (in hexadecimal or ASCII characters).

Search

Even though the table displays all the pre-shared keys of your mobile tunnels by default, you can search by occurrence, letter or word, so that only the desired keys are displayed.

Add

When you click on this button, a key editor window will appear: enter an ID and a value, then confirm the value.

You can choose to enter the value in hexadecimal or ASCII characters.

Delete

Select the key to be removed from the list and click on Delete.

Identity

This column displays the IDs of your pre-shared keys, which may be represented by a domain name (FQDN), an e-mail address (USER_FQDN) or an IP address.

Key

This column displays the values of your pre-shared keys in hexadecimal characters.

REMARKS

An unlimited number of pre-shared keys can be created.

Deleting a pre-shared key that belongs to an IPSec VPN tunnel will cause this tunnel to malfunction.

NOTE

To define an ASCII pre-shared key that is sufficiently secure, follow the same rules as for user passwords, set out in the section Welcome, under the section User awareness, sub-section User password management.
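As an added example (not code from the product or this documentation), a small Python checker that labels pre-shared key IDs the way the Identity column does (FQDN, USER_FQDN or IP), normalises ASCII or hexadecimal key values to the hexadecimal form shown in the Key column, and flags keys that are short or reused between peers. The sample entries and the 16-byte minimum length are constructed assumptions, not values from the page.

```python
import ipaddress
import re
# Constructed sample entries (not from the page): (identity, encoding, value) as typed into the key editor.
SAMPLE_KEYS = [
    ("vpn-client.example.com", "ascii", "Tr0ub4dor&3-correct-horse-battery"),
    ("alice@example.com", "ascii", "password"),
    ("198.51.100.7", "hex", "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"),
]
MIN_KEY_BYTES = 16  # assumed local policy, not a value stated on the page
FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z0-9-]{1,63}$", re.I)

def identity_type(identity):
    """Label an ID the way the Identity column does: IP, USER_FQDN or FQDN."""
    try:
        ipaddress.ip_address(identity)
        return "IP"
    except ValueError:
        pass
    local, at, domain = identity.partition("@")
    if at and local and FQDN_RE.match(domain):
        return "USER_FQDN"
    if not at and FQDN_RE.match(identity):
        return "FQDN"
    raise ValueError(f"unrecognised identity: {identity!r}")

def key_to_hex(encoding, value):
    """Normalise a key to the hexadecimal form the Key column displays."""
    if encoding == "hex":
        if len(value) % 2 or not all(c in "0123456789abcdefABCDEF" for c in value):
            raise ValueError("hex key needs an even number of hex digits")
        return value.lower()
    if encoding == "ascii":
        if not (value.isascii() and value.isprintable()):
            raise ValueError("ASCII key must be printable ASCII")
        return value.encode("ascii").hex()
    raise ValueError(f"unknown encoding: {encoding!r}")

def check_psk_table(entries):
    """Return (identity, type, hex_key, issues); issues flag short or reused keys."""
    first_owner, report = {}, []
    for identity, encoding, value in entries:
        hexkey, issues = key_to_hex(encoding, value), []
        if len(hexkey) // 2 < MIN_KEY_BYTES:
            issues.append("shorter than %d bytes" % MIN_KEY_BYTES)
        if hexkey in first_owner:
            issues.append("same key as " + first_owner[hexkey])
        first_owner.setdefault(hexkey, identity)
        report.append((identity, identity_type(identity), hexkey, issues))
    return report
```

Running check_psk_table(SAMPLE_KEYS) reports the "password" entry as shorter than 16 bytes and leaves the other two entries clean.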

Advanced configuration

Enable searching in several LDAP directories (pre-shared key or certificate modes)

When several LDAP directories have been defined, selecting this checkbox will allow the firewall to browse these directories sequentially to authenticate mobile peers. This method is available regardless of the authentication type chosen (pre-shared key or certificate).

If this checkbox is not selected, the firewall will only query the directory defined by default.

List of directories

The various directories listed will be queried according to their order in the table.

Add

Clicking on this button will add a line to the table in the form of a drop-down list that allows selecting one of the directories defined on the firewall.

This button is grayed out when all of the firewall's directories are selected.

Delete

Select the directory to be removed from the list and click on Delete.

Move up

This button makes it possible to move the selected directory up the list to raise its priority when the firewall queries the list of directories.

Move down

This button makes it possible to move the selected directory down the list to lower its priority when the firewall queries the list of directories.