sys_attrs_ipsec(5)
sys_attrs_ipsec - ipsec subsystem attributes

This reference page lists and describes attributes for the
Internet Protocol Security (ipsec) kernel subsystem. Refer
to the sys_attrs(5) reference page for an introduction to
the topic of kernel subsystem attributes.

A value that enables (1) or disables (0) the ability
of IPsec to intercept packets when ipsecd is
not running. If ipsecd is not running and the
attribute is enabled, packets will be dropped. By
default, this attribute is enabled when IPsec is
started by using the normal startup procedures.

Default value: 1 (enabled)

Do not modify this attribute unless you understand
the security consequences for your system. If you
disable this attribute, you might send sensitive
traffic without IPsec protection or receive traffic
that should be blocked.

A value that enables (1) or disables (0) a system's
ability to pass traffic to and receive traffic from
a cluster interconnect interface without Internet
Protocol Security (IPsec) processing.

Default value: 1 (enabled)

We recommend that this attribute remain enabled. If
you disable this attribute, you must then configure
an IPsec policy to include the cluster interconnect
addresses. However, even with an IPsec policy configured,
it is not possible to secure all cluster
interconnect traffic with IPsec as the cluster generates
traffic before the security policy is
started. See the Network Administration: Connections
manual for more information about configuring
IPsec.

The time interval between updates of IPsec Security
Association (SA) statistics by the kernel. If you
have a very large number of SAs, increase the
stats_update_interval value to reduce the overhead
of maintaining the statistics.

Default value: 5 (seconds)
Minimum value: 1
Maximum value: 60

sys_attrs(5)
Network Administration: Connections
System Configuration and Tuning