Default Settings
Applies To: Windows Server 2008
Default settings for Windows Firewall with Advanced Security
These are the default IPsec configuration settings for connection security rules that Windows Firewall with Advanced Security uses before any configuration changes are made.
Key Exchange
Settings | Value |
---|---|
Key lifetime (minutes) | 480 minutes |
Key lifetime (sessions) | 0 sessions* |
Key exchange algorithm | Diffie-Hellman Group 2 |
Security methods (integrity) | SHA1 |
Security methods (encryption) | AES-128 (primary)/3-DES (secondary) |
*A session limit of zero (0) causes rekeys to be determined only by the Key lifetime (minutes) setting.
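To confirm that a host still runs with these key exchange defaults, the following added example (not part of the original documentation) parses a main mode settings block and reports every value that differs from the table above. The sample text is constructed, and its layout is assumed to match the "Main Mode:" block printed by `netsh advfirewall show global`; the function names are hypothetical.

```python
import re

# Key exchange (main mode) defaults from the table above. The sample writes
# 3-DES as "3DES" and Diffie-Hellman Group 2 as "DHGroup2" (assumed output style).
DEFAULTS = {
    "lifetime_minutes": 480,
    "lifetime_sessions": 0,
    "methods": [("DHGroup2", "AES128", "SHA1"), ("DHGroup2", "3DES", "SHA1")],
}

# Constructed sample input, not captured from a real host.
SAMPLE = """\
Main Mode:
KeyLifetime                           480min,0sess
SecMethods                            DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1
ForceDH                               No
"""

def parse_main_mode(text):
    """Return key lifetimes and the ordered security methods of the Main Mode block."""
    fields, in_block = {}, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith(":"):            # section header such as "Main Mode:"
            in_block = stripped == "Main Mode:"
            continue
        parts = stripped.split(None, 1)
        if in_block and len(parts) == 2:
            fields[parts[0]] = parts[1].strip()
    m = re.fullmatch(r"(\d+)min,(\d+)sess", fields.get("KeyLifetime", ""))
    if not m:
        raise ValueError("KeyLifetime missing or not in <n>min,<n>sess form")
    # Order matters: the first method is the primary, the next the secondary.
    methods = [tuple(s.strip().split("-"))
               for s in fields.get("SecMethods", "").split(",") if s.strip()]
    return {"lifetime_minutes": int(m.group(1)),
            "lifetime_sessions": int(m.group(2)),
            "methods": methods}

def drift_from_defaults(text):
    """List (setting, default, actual) for each value that differs from the defaults."""
    actual = parse_main_mode(text)
    return [(k, DEFAULTS[k], actual[k]) for k in DEFAULTS if actual[k] != DEFAULTS[k]]

if __name__ == "__main__":
    print(drift_from_defaults(SAMPLE))
```
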
Data Integrity
Setting | Value |
---|---|
Protocol | ESP (primary)/AH (secondary) |
Data integrity | SHA1 |
Key lifetimes | 60 minutes/100,000 KB |
Data encryption
Setting | Value |
---|---|
Protocol | ESP |
Data integrity | SHA1 |
Data encryption | AES-128 (primary)/3-DES (secondary) |
Key lifetimes | 60 minutes/100,000 KB |
Authentication Method
By default, computer Kerberos (Kerberos version 5 authentication) is used as the authentication method.
How default settings work with Group Policy
Policies created using the Windows Firewall with Advanced Security snap-in and distributed with Group Policy are applied in this order of precedence:
Highest precedence Group Policy object (GPO)
Dynamic
Local
Service defaults (if no other defaults are configured)