This section highlights information for existing customers about important new network security features in this release.
IKEv2 can prevent most IP layer fragmentation of its messages by replacing large encrypted messages with a series of smaller encrypted messages. These smaller IKEv2 messages can traverse network devices that drop IP fragments, such as some NAT boxes and firewalls. See IKEv2 Service and Example 44, Preventing the Loss of IKEv2 Messages From Intermediate Devices.
Administrators can constrain IPsec to use a particular IKE version. See Specifying an IKE Version and Example 21, Configuring IPsec Policy to Use the IKEv2 Protocol Only.
Packet Filter supports firewall interface groups and FTP transfers through PF doing NAT.
For interface groups, see Packet Filter Macros, Tables, and Interface Groups and Example 11, PF Configuration File Using Firewall Interface Groups.
For FTP transfers through PF doing NAT, see How to Make FTP Transfers Pass Through PF Doing NAT on Oracle Solaris.