
When to use Perfect Forward Secrecy (PFS)

parkerTod
Level 1

Hi all,

When is it suggested to use Perfect Forward Secrecy (PFS)?

I would like to know if it's appropriate to use Perfect Forward Secrecy (PFS) in a scenario where the VPN is based on a dynamic-to-static IP address.

Any best practices are welcome!

Best regards

1 Reply

ajay chauhan
Level 7

PFS will ensure the same key will not be generated again, forcing a new Diffie-Hellman key exchange. This would ensure that if a hacker/criminal were to compromise a private key, they would only be able to access data in transit protected by that key and not any future data, as future data would not be associated with that compromised key.

Note - PFS mode is supported only between Gateways, not between Gateways and remote access clients.

It is not mandatory to use PFS, but it is an extra security layer.

Thanks

Ajay
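
The rekey behaviour described in the reply above, as an added example that is not part of the original thread: a simplified model of IKEv1 Quick Mode key derivation showing that, without PFS, a leaked Phase 1 secret plus a recorded exchange reproduces the rekeyed IPsec key, while with PFS it does not. The toy DH group, HMAC-SHA256 as the prf, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group (assumption for illustration; real IKE groups are far larger).
P, G = 2**127 - 1, 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def prf(key, data):
    # HMAC-SHA256 stands in for the negotiated IKE prf (assumption).
    return hmac.new(key, data, hashlib.sha256).digest()

def keymat(skeyid_d, ni, nr, dh_secret=b""):
    # Simplified IKEv1 Quick Mode: KEYMAT = prf(SKEYID_d, [g^xy |] Ni | Nr).
    # Protocol and SPI fields are left out of this model.
    return prf(skeyid_d, dh_secret + ni + nr)

def rekey(skeyid_d, pfs):
    """Run one rekey; return (IPsec key, values visible in the captured exchange)."""
    captured = {"ni": secrets.token_bytes(16), "nr": secrets.token_bytes(16)}
    dh_secret = b""
    if pfs:
        # Fresh ephemeral key pairs per rekey; the private halves are discarded afterwards.
        (a, pub_a), (b, pub_b) = dh_keypair(), dh_keypair()
        captured["dh_public"] = (pub_a, pub_b)
        dh_secret = dh_shared(a, pub_b)  # responder computes the same value from (b, pub_a)
    return keymat(skeyid_d, captured["ni"], captured["nr"], dh_secret), captured

def recompute_from_leak(leaked_skeyid_d, captured):
    # What a leaked Phase 1 secret plus a recorded exchange yields: no g^xy available.
    return keymat(leaked_skeyid_d, captured["ni"], captured["nr"])

def exposure():
    """Map pfs setting -> whether the leaked Phase 1 secret reproduces the rekeyed IPsec key."""
    (a, _), (_, pub_b) = dh_keypair(), dh_keypair()
    skeyid_d = prf(b"phase1-constructed", dh_shared(a, pub_b))
    result = {}
    for pfs in (False, True):
        key, captured = rekey(skeyid_d, pfs)
        result[pfs] = recompute_from_leak(skeyid_d, captured) == key
    return result

if __name__ == "__main__":
    print(exposure())  # {False: True, True: False}
```

The `False: True` entry is the case PFS is meant to close: every rekeyed key hangs off the one Phase 1 secret, so enabling a PFS group on the IPsec proposal limits a leak to the traffic protected by the key that was actually compromised.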