
Default Settings for Windows Firewall with Advanced Security

Applies To: Windows 7, Windows Server 2008 R2

The following tables list the default values for Internet Protocol security (IPsec) settings.

Key exchange

| Setting | Value |
| --- | --- |
| Key lifetimes | 480 minutes/0 sessions* |
| Key exchange algorithm | Diffie-Hellman Group 2 |
| Security methods (integrity) | SHA1 |
| Security methods (encryption) | AES-128 (primary)/3-DES (secondary) |

*A session limit of zero (0) causes rekeys to be determined only by the Key lifetime (minutes) setting.

Data integrity

| Setting | Value |
| --- | --- |
| Protocol | ESP (primary)/AH (secondary) |
| Data integrity | SHA1 |
| Key lifetimes | 60 minutes/100,000 kilobytes (KB) |

Data encryption

| Setting | Value |
| --- | --- |
| Protocol | ESP |
| Data integrity | SHA1 |
| Data encryption | AES-128 (primary)/3-DES (secondary) |
| Key lifetimes | 60 minutes/100,000 KB |

Authentication method

Computer Kerberos version 5 authentication is the default authentication method.

How default settings work with Group Policy

Policies created using the Windows Firewall with Advanced Security snap-in and distributed with Group Policy are applied in this order:

  1. Highest precedence Group Policy object (GPO).

  2. Locally defined policy settings.

  3. Service defaults, as shown in the tables in this topic.
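The precedence order above, modelled as an added example (not Microsoft's code and not part of the original topic), reports which layer each effective setting comes from and which categories are still running on the service defaults. It assumes fallback is decided per table (category) and that an unconfigured category is simply absent from a layer; the function names and the GPO and local values are constructed for illustration.

```python
# Added example: a model of the precedence order in this topic, not Windows code.
# Assumption: fallback is per category (one table = one category), and a layer
# that leaves a category unconfigured simply omits that key.

SERVICE_DEFAULTS = {  # values copied from the tables in this topic
    "key_exchange": {
        "key_lifetimes": "480 minutes/0 sessions",
        "algorithm": "Diffie-Hellman Group 2",
        "integrity": "SHA1",
        "encryption": "AES-128 (primary)/3-DES (secondary)",
    },
    "data_integrity": {
        "protocol": "ESP (primary)/AH (secondary)",
        "integrity": "SHA1",
        "key_lifetimes": "60 minutes/100,000 KB",
    },
    "data_encryption": {
        "protocol": "ESP",
        "integrity": "SHA1",
        "encryption": "AES-128 (primary)/3-DES (secondary)",
        "key_lifetimes": "60 minutes/100,000 KB",
    },
    "authentication": {"method": "Computer Kerberos version 5"},
}

# Constructed sample layers (hypothetical values, not from this topic).
_KE = SERVICE_DEFAULTS["key_exchange"]
SAMPLE_GPO = {"key_exchange": dict(_KE, key_lifetimes="240 minutes/0 sessions")}
SAMPLE_LOCAL = {
    "key_exchange": dict(_KE, key_lifetimes="120 minutes/0 sessions"),  # loses to GPO
    "authentication": {"method": "Computer certificate"},
}

def resolve(gpo, local_policy):
    """Return {category: (source, settings)} for the effective IPsec policy."""
    layers = [("GPO", gpo), ("local policy", local_policy),
              ("service default", SERVICE_DEFAULTS)]
    effective = {}
    for category in SERVICE_DEFAULTS:
        # First layer in precedence order that configures the category wins.
        source, cfg = next((s, c) for s, c in layers if category in c)
        effective[category] = (source, cfg[category])
    return effective

def on_service_defaults(effective):
    """Categories no policy configured, so the built-in defaults are in force."""
    return sorted(c for c, (src, _) in effective.items() if src == "service default")
```

With the sample layers, `resolve(SAMPLE_GPO, SAMPLE_LOCAL)` takes key exchange from the GPO and authentication from local policy, and `on_service_defaults` lists the two data protection categories as unconfigured.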

© 2014 Microsoft