Identification tab
Approved certification authorities
This table will allow you to list authorities to identify your peers within the IPsec VPN module.
| Add | When you click on this button, a window will open showing the CAs and sub-CAs that you have created earlier. Select the authorities that will enable you to check the identities of your peers, by clicking on Select. The CA or sub-CA selected will be added to the table. |
| Delete | Select the CA to be removed from the list and click on Delete. |
CA
Below this field, the added and approved certification authorities will be displayed.
Mobile tunnels: pre-shared keys (PSK)
If you had created a mobile peer using the Pre-shared key (PSK) authentication method, this table will be pre-entered.
You would have edited a key by assigning it an ID and a value (in hexadecimal or ASCII characters).
| Search | Even though the table displays all the pre-shared keys of your mobile tunnels by default, you can search by occurrence, letter or word, so that only the desired keys are displayed. |
| Add | When you click on this button, a key editor window will appear: you need to provide it with an ID, a value and confirm it. You can choose to edit characters in hexadecimal or ASCII. |
| Delete | Select the key to be removed from the list and click on Delete. |
Identity
This column displays the IDs of your pre-shared keys, which may be represented by a domain name (FQDN), an e-mail address (USER_FQDN) or an IP address.
Key
This column displays the values of your pre-shared keys in hexadecimal characters.
NOTES
- An unlimited number of pre-shared keys can be created.
- Deleting a pre-shared key that belongs to an IPsec VPN tunnel will cause this tunnel to malfunction.
- To define an ASCII pre-shared key that is sufficiently secure, you must follow the same rules for user passwords set out in the section Welcome, under the section User awareness, sub-section User password management.
Advanced properties
| Enable searching in several LDAP directories (pre-shared key or certificate modes) | When several LDAP directories have been defined, selecting this checkbox will allow the firewall to browse these directories sequentially to authenticate mobile peers. This method is available regardless of the authentication type chosen (pre-shared key or certificate). If this checkbox is not selected, the firewall will only query the directory defined by default. |
List of directories
The various directories listed will be queried according to their order in the table.
| Add | Clicking on this button will add a line to the table in the form of a drop-down list that allows selecting one of the directories defined on the firewall. This button is grayed out when all of the firewall's directories are selected. |
| Delete | Select the key to be removed from the list and click on Delete. |
| Move up | This button makes it possible to move the selected directory up the list to raise its priority when the firewall queries the list of directories. |
| Move down | This button makes it possible to move the selected directory up the list to lower its priority when the firewall queries the list of directories. |