Default Settings for Windows Firewall with Advanced Security
Updated: January 20, 2009
Applies To: Windows 7, Windows Server 2008 R2
The tables in this topic list the default values for Internet Protocol security (IPsec) settings.
Key exchange
Setting | Value |
---|---|
Key lifetimes | 480 minutes/0 sessions* |
Key exchange algorithm | Diffie-Hellman Group 2 |
Security methods (integrity) | SHA1 |
Security methods (encryption) | AES-128 (primary)/3-DES (secondary) |
*A session limit of zero (0) causes rekeys to be determined only by the Key lifetime (minutes) setting.
Data integrity
Setting | Value |
---|---|
Protocol | ESP (primary)/AH (secondary) |
Data integrity | SHA1 |
Key lifetimes | 60 minutes/100,000 kilobytes (KB) |
Data encryption
Setting | Value |
---|---|
Protocol | ESP |
Data integrity | SHA1 |
Data encryption | AES-128 (primary)/3-DES (secondary) |
Key lifetimes | 60 minutes/100,000 KB |
Authentication method
Computer Kerberos version 5 authentication is the default authentication method.
How default settings work with Group Policy
Policies created using the Windows Firewall with Advanced Security snap-in and distributed with Group Policy are applied in this order:
1. Highest precedence Group Policy object (GPO).
2. Locally defined policy settings.
3. Service defaults, as shown in the tables in this topic.
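Because service defaults apply only when neither a GPO nor local policy supplies a value, comparing a computer's effective key exchange settings with the Key exchange table shows whether a higher-precedence policy is in effect. The following is an added example, not part of the original topic: the function names are hypothetical, and the `Main Mode:` section layout and the `KeyLifetime`/`SecMethods` labels are an assumption about how `netsh advfirewall show global` prints these values on an English-language system.

```powershell
# Service defaults from the "Key exchange" table, written in the form
# assumed for the netsh output (an assumption, see the lead-in).
$DocumentedDefaults = @{
    KeyLifetime = '480min,0sess'
    SecMethods  = 'DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1'
}

function Get-MainModeSettings {
    # Returns the name/value pairs listed under the "Main Mode:" heading.
    param([string[]]$Lines)
    $settings = @{}
    $inMainMode = $false
    foreach ($line in $Lines) {
        if ($line -match '^\s*Main Mode:\s*$') { $inMainMode = $true; continue }
        if (-not $inMainMode) { continue }
        if ($line -match '^\s*\S.*:\s*$') { break }          # next section heading
        if ($line -match '^\s*(\S+)\s+(\S.*?)\s*$') {
            $settings[$Matches[1]] = $Matches[2]
        }
    }
    return $settings
}

function Compare-ToServiceDefaults {
    # One row per documented default; IsDefault = $false means a GPO or
    # local policy setting has taken precedence over the service default.
    param([hashtable]$Effective)
    foreach ($name in ($DocumentedDefaults.Keys | Sort-Object)) {
        [pscustomobject]@{
            Setting   = $name
            Default   = $DocumentedDefaults[$name]
            Effective = $Effective[$name]
            IsDefault = ($Effective[$name] -eq $DocumentedDefaults[$name])
        }
    }
}

# Constructed sample input (not captured from a real system).
$sample = @'
Main Mode:
KeyLifetime                           60min,0sess
SecMethods                            DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1
ForceDH                               No

Categories:
BootTimeRuleCategory                  Windows Firewall
'@ -split '\r?\n'

# On a live computer, pass the output of: netsh advfirewall show global
Compare-ToServiceDefaults (Get-MainModeSettings $sample) | Format-Table -AutoSize
```

The comparison covers only the key exchange (main mode) values; the data integrity and data encryption defaults in the other two tables are not part of this check.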