Enabling DR mode on firewalls in SNS version 4.2 (or higher) without existing IPsec configurations

To enable DR mode on firewalls in SNS version 4.2 (or higher) and in factory configuration or without existing IPsec policies:

  1. Refer to the section Assessing the impact of implementing DR mode (SNS version 4.2 and higher),
  2. Ensure the compliance of the firewall’s configuration with DR mode in SNS v4.2 (or higher),
  3. In Configuration > General configuration tab > Cryptographic settings, select Enable “ANSSI Diffusion Restreinte (DR)” mode to enable DR mode.

If the newly configured IPsec policy on the firewall uses parameters that are incompatible with DR mode in SNS 4.2 (or higher), enabling DR mode will disable this IPsec policy and display the warning message:
“ANSSI Diffusion Restreinte mode disabled the non-compliant VPN configuration”.

When “ANSSI Diffusion Restreinte (DR)” mode is enabled, the firewall must be restarted to apply the change.