6 SD-WAN Edge Global Security Settings
The Edge Global Security Settings affect the security settings for all conduits within an SD-WAN Edge network. The Edge can use multiple types of encryption for data confidentiality as well as multiple hash algorithms to ensure data integrity. These settings determine the type of encryption used for all conduit communications.
Global Security Settings
Access the global security settings by navigating to Global, Basic Settings.
TRP Encryption
Set Global Security Settings as follows to enable TRP encryption.
Network Encryption Mode
- AES 128-Bit
- AES 256-Bit
- GCMAES 128-Bit
- GCMAES 256-Bit (default)
Enable Encryption Key Rotation
SD-WAN Edge performs periodic encryption key rotation using Elliptic Curve Diffie-Hellman exchange. By default, key rotation is enabled.
When AES 128-Bit or AES 256-Bit (CBC Encryption) is selected, additional options appear.
Enable Extended Packet Encryption Header
Extended packet encryption headers allow you to have the highest level of packet uniqueness. A counter is prefixed inside the encrypted payload to act as a rotating, cryptographically random Initialization Vector. This feature is disabled by default.
Extended Packet Authentication Trailer Type
- 32-Bit Checksum (default)
- SHA-256
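
The settings above can be checked as a group. The following is an added example, not vendor code: it audits a settings snapshot using the option values and defaults listed on this page. The dictionary key names are hypothetical, and the baseline (prefer GCMAES; with CBC, require the extended header and the SHA-256 trailer) is an assumption.

```python
# Added example: audit a settings snapshot against an ASSUMED hardening baseline.
# Dictionary key names are hypothetical; option values are the ones this page lists.
GCM_MODES = {"GCMAES 128-Bit", "GCMAES 256-Bit"}
CBC_MODES = {"AES 128-Bit", "AES 256-Bit"}

# Defaults as documented on this page.
DEFAULTS = {
    "network_encryption_mode": "GCMAES 256-Bit",
    "enable_encryption_key_rotation": True,
    "enable_extended_packet_encryption_header": False,
    "extended_packet_authentication_trailer_type": "32-Bit Checksum",
}

def audit(settings):
    """Return findings for one snapshot; options missing from it take the page defaults."""
    s = {**DEFAULTS, **settings}
    mode = s["network_encryption_mode"]
    if mode not in GCM_MODES | CBC_MODES:
        return [f"unknown Network Encryption Mode {mode!r}"]
    findings = []
    if not s["enable_encryption_key_rotation"]:
        findings.append("Enable Encryption Key Rotation is off")
    if mode in CBC_MODES:
        # The two extended options only apply to the CBC modes.
        findings.append(f"{mode} is a CBC mode; assumed baseline prefers GCMAES")
        if not s["enable_extended_packet_encryption_header"]:
            findings.append("Extended Packet Encryption Header is disabled")
        if s["extended_packet_authentication_trailer_type"] != "SHA-256":
            findings.append("Authentication trailer is not SHA-256")
    return findings

# Constructed sample snapshots (not exported from a real appliance).
SAMPLES = {
    "page defaults": {},
    "CBC selected, nothing else changed": {"network_encryption_mode": "AES 256-Bit"},
    "CBC hardened": {
        "network_encryption_mode": "AES 256-Bit",
        "enable_extended_packet_encryption_header": True,
        "extended_packet_authentication_trailer_type": "SHA-256",
    },
    "GCM, rotation off": {"enable_encryption_key_rotation": False},
}

if __name__ == "__main__":
    for name, snapshot in SAMPLES.items():
        results = audit(snapshot)
        print(f"{name}: {'OK' if not results else '; '.join(results)}")
```

Changing only the mode to a CBC option produces three findings, because the two CBC-only options keep their documented defaults (header disabled, 32-Bit Checksum).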