Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
312
Views
0
Helpful
1
Replies

site-to-site with soho 91 & checkpoint

KTD1
Level 1
Level 1

‎01-06-2004 01:40 PM

I have a slew of these already working - no probs - 3des/sha Would moving to aes 128 or 256 be more/less secure - if more secure, would there be a performance hit? How about PFS - currently not using - would it add value to use, and if so, again, will there be a performance hit?

Thanks much

Labels:
0 Helpful
1 Reply 1

Rohan Padwal
Level 1
Level 1

‎02-27-2016 12:04 AM

hello 

as the encryption  algo becomes more complex the performance will decrease but this will depend on the how powerful crypto engines is on the respective device, if your crypto hardware is good it will  perform even with the PFS turned on. 

for the VPN throughput please refer the datasheets of the respective vendors

below are the references for cisco ASA

cisco encryption algo on ASA

VPN throughput for next gen firewalls

 hope that helps ;)

#Rohan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents