SECURITY_FLAG_QUALIFIERS
The SECURITY_FLAG_QUALIFIERS WMI property qualifier corresponds to flag values that indicate the security requirements of a target. This information is used in the Internet Key Exchange (IKE) of the IPsec authentication negotiation. These flags are derived from the portal security bitmap definition that is described in the Internet Storage Name Service (iSNS) specification that the Internet Engineering Task Force (IETF) publishes.
The following table describes the values that are associated with SECURITY_FLAG_QUALIFIERS property qualifier.
| Symbolic constant | Meaning |
|---|---|
ISCSI_SECURITY_FLAG_TUNNEL_MODE_PREFERRED |
The target requests tunnel mode. The HBA initiator should log on to the target by using IPsec tunnel mode. When this value is not set, the IPsec tunnel mode is not required. |
ISCSI_SECURITY_FLAG_TRANSPORT_MODE_PREFERRED |
The target requests transport mode. The HBA initiator should log on to targets by using IPsec transport mode. When this value is not set, the IPsec transport mode is not required. |
ISCSI_SECURITY_FLAG_PFS_ENABLED |
The HBA initiator should log on to the target with perfect forward secrecy (PFS) mode enabled. When this value is not set, the initiator HBA should make the session connection with PFS mode disabled. |
ISCSI_SECURITY_FLAG_AGGRESSIVE_MODE_ENABLED |
Aggressive mode is enabled on the target, and the HBA initiator should log on to targets with aggressive mode enabled. When this value is not set, the HBA initiator should make the session connection with aggressive mode disabled. |
ISCSI_SECURITY_FLAG_MAIN_MODE_ENABLED |
Main mode is enabled on the target, and the HBA initiator should log in to targets with main mode enabled. When not set, the HBA initiator should make the session connection with main mode disabled. |
ISCSI_SECURITY_FLAG_IKE_IPSEC_ENABLED |
IKE/IPsec is enabled on the target, and the HBA initiator should log on to targets with the IKE/IPsec protocol enabled. When this value is not set, IKE/IPsec is disabled. |
ISCSI_SECURITY_FLAG_VALID |
The iSCSI security flags specified in this bitmask are valid. When this value is not set, security flags are not specified. |