IMPORTANT
SNS 3.x versions reached End of Maintenance on July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
Identification tab
Approved certification authorities
You can list the authorities that allow you to identify your peers within the IPsec VPN module.
| Add | When you click on this button, a window will open showing the CAs and sub-CAs that you have created earlier. Select the authorities that will enable you to check the identities of your peers, by clicking on Select. The CA or sub-CA selected will be added to the table. |
| Delete | Select the CA to be removed from the list and click on Delete. |
As for the columns in the grid:
| CA | Shows the added and approved certification authorities. |
Mobile tunnels: pre-shared keys
If you have created a mobile peer using the Pre-shared key (PSK) authentication method, this table will already be filled in.
You will have defined a key by assigning it an ID and a value (in hexadecimal or ASCII characters).
| Search | Even though the table displays all the pre-shared keys of your mobile tunnels by default, you can search by occurrence, letter or word, so that only the desired keys are displayed. |
| Add | When you click on this button, a key editor window will appear: you need to provide it with an ID, a value and confirm it. You can choose to edit characters in hexadecimal or ASCII. |
| Delete | Select the key to be removed from the list and click on Delete. |
As for the columns in the grid:
| Identity | Displays the IDs of your pre-shared keys, which may be represented by a domain name (FQDN), an e-mail address (USER_FQDN) or an IP address. |
| Key | Displays the values of your pre-shared keys in hexadecimal characters. |
Advanced properties
| Enable searching in several LDAP directories (pre-shared key or certificate modes) | When several LDAP directories have been defined, selecting this checkbox will allow the firewall to browse these directories sequentially to authenticate mobile peers. This method is available regardless of the authentication type chosen (pre-shared key or certificate). If this checkbox is not selected, the firewall will only query the directory defined by default. |
List of directories
The various directories listed will be queried according to their order in the table.
| Add | Clicking on this button will add a line to the table in the form of a drop-down list that allows selecting one of the directories defined on the firewall. This button is grayed out when all of the firewall's directories are selected. |
| Delete | Select the directory to be removed from the list and click on Delete. |
| Move up | This button makes it possible to move the selected directory up the list to raise its priority when the firewall queries the list of directories. |
| Move down | This button makes it possible to move the selected directory down the list to lower its priority when the firewall queries the list of directories. |