Networks
Most network devices can export logs via syslog. Because syslog is typically a cleartext protocol, these logs are delivered to the DEFEND over an IPsec VPN.
The first step is to configure the VPN to the FoxTech Log Collector. Before onboarding, you will need to share the subnet ranges and public IP addresses of the networks to be connected.
Supported IPsec configurations are given below. The Firewall Support column gives the recommended settings for a given firewall vendor.
IKE/Phase 1
Cipher:
Key | Description | IANA | Firewall Support |
---|---|---|---|
aes128 | 128 bit AES-CBC | 12 | Meraki |
aes256 | 256 bit AES-CBC | 12 | Meraki |
aes128gcm16 or aes128gcm128 | 128 bit AES-GCM with 128 bit ICV | 20 | |
aes256gcm16 or aes256gcm128 | 256 bit AES-GCM with 128 bit ICV | 20 | |
Integrity/PRF
A separate integrity algorithm is not required for GCM ciphers, which carry their own integrity check (ICV).
Key | Description | IANA | Firewall Support |
---|---|---|---|
sha256 | HMAC-SHA-256-128 | 12 | Meraki |
sha384 | HMAC-SHA-384-192 | 13 | |
sha512 | HMAC-SHA-512-256 | 14 | |
Pseudo-Random Functions
Key | Description | IANA | Firewall Support |
---|---|---|---|
prfsha256 | SHA2_256 PRF | 5 | |
prfsha384 | SHA2_384 PRF | 6 | |
Diffie Hellman Groups
Key | Description | IANA | Firewall Support |
---|---|---|---|
modp2048 | Regular Prime: 2048 bits | 14 | Meraki |
ecp256 | NIST Curve: 256 bit | 19 | |
modp3072 | Regular Prime: 3072 bits | 15 | |
ecp384 | NIST Curve: 384 bit | 20 | |
The effective security level of each entry is indicated by colour in the tables:
- Yellow: NCSC Legacy [must be explicitly enabled by support]
- White: NCSC Recommended
- Green: US Commercial National Security Algorithm Suite (CNSA) for Top Secret.
Longer key lengths can be added if required.
Phase 1 Lifetime: 86400 seconds
ESP/Phase 2
Use the ciphers and integrity algorithms specified above for IKEv2/Phase 1. Optionally use a DH group for PFS. Phase 2 Lifetime: 28800 seconds
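As an added pre-onboarding check (example code, not part of the collector's or any vendor's tooling), the following validates a strongSwan-style proposal string against the tables above, enforcing the GCM/integrity rule and the Phase 1 vs Phase 2 differences. The key names are strongSwan's; treating `aes128`/`aes256` as AES-CBC (IANA 12) and requiring an explicit PRF for IKE are assumptions, the latter stricter than strongSwan's default of deriving the PRF from the integrity algorithm.

```python
"""Check IKEv2/ESP proposal strings against the supported algorithm tables."""

# Supported keys -> IANA transform IDs from the tables above.
# Assumption: aes128/aes256 are AES-CBC (ENCR_AES_CBC, IANA 12).
ENCR = {"aes128": 12, "aes256": 12,
        "aes128gcm16": 20, "aes128gcm128": 20,
        "aes256gcm16": 20, "aes256gcm128": 20}
INTEG = {"sha256": 12, "sha384": 13, "sha512": 14}
PRF = {"prfsha256": 5, "prfsha384": 6}
DH = {"modp2048": 14, "ecp256": 19, "modp3072": 15, "ecp384": 20}
AEAD = {k for k in ENCR if "gcm" in k}   # AEAD ciphers carry their own ICV


def check_proposal(proposal: str, phase: str = "ike") -> list[str]:
    """Return the list of problems with a proposal (empty list == acceptable).

    phase="ike": one cipher, a PRF and a DH group are required; an integrity
    algorithm is required for CBC ciphers and must be absent for GCM.
    phase="esp": same cipher/integrity rule, no PRF; DH group optional (PFS).
    """
    parts = proposal.split("-")
    enc = [p for p in parts if p in ENCR]
    integ = [p for p in parts if p in INTEG]
    prf = [p for p in parts if p in PRF]
    dh = [p for p in parts if p in DH]
    known = set(enc + integ + prf + dh)
    problems = [f"unsupported token '{p}'" for p in parts if p not in known]
    if len(enc) != 1:
        problems.append("exactly one supported cipher is required")
    elif enc[0] in AEAD and integ:
        problems.append(f"{enc[0]} is AEAD; drop integrity algorithm {integ[0]}")
    elif enc[0] not in AEAD and not integ:
        problems.append(f"{enc[0]} needs an integrity algorithm (sha256/384/512)")
    if phase == "ike":
        if not prf:
            problems.append("IKE proposal needs a PRF (prfsha256/prfsha384)")
        if not dh:
            problems.append("IKE proposal needs a DH group")
    elif prf:
        problems.append("ESP proposals take no PRF")
    return problems


if __name__ == "__main__":
    for prop, phase in [("aes256gcm16-prfsha384-ecp384", "ike"),
                        ("aes256gcm16-sha256-prfsha256-ecp256", "ike"),
                        ("aes256gcm16-ecp384", "esp")]:
        print(prop, phase, check_proposal(prop, phase) or "OK")
```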
Remote Network
- Remote Network: 10.227.0.0/24
- Remote Peer ID: Public IP provided on onboarding
- Syslog target: 10.227.0.10