Export (0) Print
Expand All
Expand Minimize
This topic has not yet been rated - Rate this topic

Default Settings

Applies To: Windows Server 2008

Default settings for Windows Firewall with Advanced Security

These are the default IPsec configuration settings for connection security rules that Windows Firewall with Advanced Security uses before any configuration changes are made.

Key Exchange

 

Settings Value

Key lifetime (minutes)

480 minutes

Key lifetime (sessions)

0 sessions*

Key exchange algorithm

Diffie-Hellman Group 2

Security methods (integrity)

SHA1

Security methods (encryption)

AES-128 (primary)/3-DES (secondary)

*A session limit of zero (0) causes rekeys to be determined only by the Key lifetime (minutes) setting.

Data Integrity

 

Setting Value

Protocol

ESP (primary)/AH (secondary)

Data integrity

SHA1

Key lifetimes

60 minutes/100,000 KB

Data encryption

 

Setting Value

Protocol

ESP

Data integrity

SHA1

Data encryption

AES-128 (primary)/3-DES (secondary)

Key lifetimes

60 minutes/100,000 KB

Authentication Method

By default, computer Kerberos (Kerberos version 5 authentication) is used as the authentication method.

How default settings work with Group Policy

Policies created using the Windows Firewall with Advanced Security snap-in and distributed with Group Policy, are applied in this order of precedence:

  1. Highest precedence Group Policy object (GPO)

  2. Dynamic

  3. Local

  4. Service defaults (if no other defaults are configured)

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.