6 SD-WAN Edge Global Security Settings

The Edge Global Security Settings affect the security settings for all conduits within an SD-WAN Edge network. The Edge can use multiple types of encryption for data confidentiality as well as multiple hash algorithms to ensure data integrity. These settings determine the type of encryption used for all conduit communications.

Global Security Settings

Access the global security settings by navigating to Global, Basic Settings.

This screenshot shows the Global Security Settings page.

TRP Encryption

Set Global Security Settings as follows to enable TRP encryption.

This screenshot shows the proper config for TRP encryption.

Network Encryption Mode

The following encryption algorithms, used for conduit data, are supported:
  • AES 128-Bit
  • AES 256-Bit
  • GCMAES 128-Bit
  • GCMAES 256-Bit (default)

Enable Encryption Key Rotation

SD-WAN Edge performs periodic encryption key rotation using Elliptic Curve Diffie-Hellman exchange. By default, key rotation is enabled.

When AES 128-Bit or AES 256-Bit (CBC Encryption) is selected, additional options appear.

This screenshot shows the proper config to enable key rotation.
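
The rotation described in this section, sketched as an added Go example that is not part of the product or its documentation: two endpoints run a fresh ECDH exchange, derive a key for the default GCMAES 256-Bit mode, and a packet sealed under the new key is rejected by a retired one. The curve (P-256), SHA-256 as the key-derivation step, the random nonce, and the names rotate, seal and open are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// rotate runs one ephemeral ECDH exchange (only public keys cross the wire) and
// returns each side's AES-256 key. Assumed here: curve P-256, SHA-256 as the KDF.
func rotate() ([32]byte, [32]byte) {
	a := must(ecdh.P256().GenerateKey(rand.Reader))
	b := must(ecdh.P256().GenerateKey(rand.Reader))
	return sha256.Sum256(must(a.ECDH(b.PublicKey()))), sha256.Sum256(must(b.ECDH(a.PublicKey())))
}

// seal encrypts with AES-256-GCM and returns nonce || ciphertext || tag.
func seal(key [32]byte, msg []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key[:]))))
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return g.Seal(nonce, nonce, msg, nil)
}
// open authenticates and decrypts; a packet sealed under another key is rejected.
func open(key [32]byte, pkt []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(key[:]))))
	if len(pkt) < g.NonceSize() {
		return nil, fmt.Errorf("short packet: %d bytes", len(pkt))
	}
	return g.Open(nil, pkt[:g.NonceSize()], pkt[g.NonceSize():], nil)
}

func main() {
	_, retired := rotate()
	keyA, keyB := rotate() // fresh exchange replaces the retired key
	pkt := seal(keyA, []byte("conduit payload")) // constructed sample payload
	plain, err := open(keyB, pkt)
	_, stale := open(retired, pkt)
	fmt.Printf("peer: %q err=%v | retired key: %v\n", plain, err, stale)
}
```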

Enable Extended Packet Encryption Header

Extended packet encryption headers allow you to have the highest level of packet uniqueness. A counter is prefixed inside the encrypted payload to act as a rotating, cryptographically random Initialization Vector. This feature is disabled by default.

Extended Packet Authentication Trailer Type

SD-WAN Edge supports message authentication of the unencrypted packet data. The following are supported values:
  • 32-Bit Checksum (default)
  • SHA-256