To enable and configure Virtual WAN security and encryption, do the following:
At the top of the Global tree of the Configuration Editor, click + to the left of the Virtual WAN Network Settings branch.
This opens the branch and displays the Global Security Settings configuration form.
2. Click Edit (pencil icon) to enable editing for the form.
3. Enter your global security settings.
The options are as follows:
- Network Encryption Mode – This is the encryption algorithm used for encrypted paths. Select one of the following from the drop-down menu: AES 128-Bit or AES 256-Bit.
- Enable Encryption Key Rotation – When enabled, encryption keys are rotated at intervals of 10 to 15 minutes.
- Enable Extended Packet Encryption Header – When enabled, a 16 byte encrypted counter is prepended to encrypted traffic to serve as an initialization vector, and randomize packet encryption.
- Enable Extended Packet Authentication Trailer – When enabled, an authentication code is appended to the contents of the encrypted traffic to verify that the message is delivered unaltered.
- Extended Packet Authentication Trailer Type – This is the type of trailer used to validate packet contents. Select one of the following from the drop-down menu: 32-Bit Checksum or SHA-256.
4. Click Apply to apply your settings to the configuration.
This completes the configuration of the MCN site. The next step is to name and save the new MCN site configuration (optional, but strongly recommended), as described in the following section.