Share via


Default Settings

Applies To: Windows Server 2008

Default settings for Windows Firewall with Advanced Security

These are the default IPsec configuration settings for connection security rules that Windows Firewall with Advanced Security uses before any configuration changes are made.

Key Exchange
Settings Value

Key lifetime (minutes)

480 minutes

Key lifetime (sessions)

0 sessions*

Key exchange algorithm

Diffie-Hellman Group 2

Security methods (integrity)

SHA1

Security methods (encryption)

AES-128 (primary)/3-DES (secondary)

*A session limit of zero (0) causes rekeys to be determined only by the Key lifetime (minutes) setting.

Data Integrity
Setting Value

Protocol

ESP (primary)/AH (secondary)

Data integrity

SHA1

Key lifetimes

60 minutes/100,000 KB

Data encryption
Setting Value

Protocol

ESP

Data integrity

SHA1

Data encryption

AES-128 (primary)/3-DES (secondary)

Key lifetimes

60 minutes/100,000 KB

Authentication Method

By default, computer Kerberos (Kerberos version 5 authentication) is used as the authentication method.

How default settings work with Group Policy

Policies created using the Windows Firewall with Advanced Security snap-in and distributed with Group Policy, are applied in this order of precedence:

  1. Highest precedence Group Policy object (GPO)

  2. Dynamic

  3. Local

  4. Service defaults (if no other defaults are configured)