Export (0) Print
Expand All

Default Settings for Windows Firewall with Advanced Security

Published: January 20, 2009

Updated: January 20, 2009

Applies To: Windows 7, Windows Server 2008 R2

The tables in this topic list the default values for Internet Protocol security (IPsec) settings.

 

Settings Value

Key lifetimes

480 minutes/0 sessions*

Key exchange algorithm

Diffie-Hellman Group 2

Security methods (integrity)

SHA1

Security methods (encryption)

AES-128 (primary)/3-DES (secondary)

*A session limit of zero (0) causes rekeys to be determined only by the Key lifetime (minutes) setting.

 

Setting Value

Protocol

ESP (primary)/AH (secondary)

Data integrity

SHA1

Key lifetimes

60 minutes/100,000 kilobytes (KB)

 

Setting Value

Protocol

ESP

Data integrity

SHA1

Data encryption

AES-128 (primary)/3-DES (secondary)

Key lifetimes

60 minutes/100,000 KB

Computer Kerberos version 5 authentication is the default authentication method.

Policies created using the Windows Firewall with Advanced Security snap-in and distributed with Group Policy are applied in this order:

  1. Highest precedence Group Policy object (GPO).

  2. Locally defined policy settings.

  3. Service defaults, as shown in the tables in this topic.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft