Changing SSLVPN Encryption Setting
I'm considering changing the SSLVPN encryption from SHA-256 / AES-256 to AES-GCM-256 because it is safer and should be faster.
I use an M290 cluster and 2FA is activated. Will there be a benefit to changing this setting, and is it really faster?
What will happen when I change this setting? Are all users who are using the SSLVPN client still able to connect? What will happen to the users who are using the ovpn file on Android or Linux? Do they have to change something?
Comments
Concurrent sessions would be disconnected because of your change.
It is the most reliable approach to update the OpenVPN profile for those Android or Linux users.
This WG video from 2020 recommends changing to AES-GCM
Optimize Mobile VPN with SSL
https://watchguard.us13.list-manage.com/track/click?u=1bcb692e17a1463ca874e0ce2&id=17a9d1168a&e=cae878f58b
I have been using AES-GCM for SSLVPN since 2020.
If the users are using the WatchGuard SSLVPN client, they'll just see a prompt to enter their password again to pull down the new VPN profile.
If users are using OpenVPN, you'll need to generate a new ovpn file after making the change, and import it into those clients' OpenVPN config.
Performance between AES-GCM-256 and SHA256/AES256 will generally be similar under most circumstances. Data transfer speeds will vary depending on what type of traffic you're sending and other environmental factors such as latency, packet loss, and others.
-James Carson
WatchGuard Customer Support
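
The replies above say OpenVPN users need a regenerated ovpn file after the cipher change. The following is an added example, not part of the thread and not WatchGuard tooling: it reads .ovpn profiles and flags the ones that never name the new cipher, so old copies still in circulation can be found. It assumes the exported profile states its data cipher in the standard OpenVPN `cipher`, `data-ciphers` or `ncp-ciphers` directives; the sample profile and hostname are constructed.

```python
import sys

# OpenVPN directives that name data-channel ciphers.
CIPHER_DIRECTIVES = {"cipher", "data-ciphers", "ncp-ciphers"}

def declared_settings(profile_text):
    """Return {'ciphers': [...], 'auth': str or None} declared in a profile."""
    ciphers, auth, inline_tag = [], None, None
    for raw in profile_text.splitlines():
        line = raw.strip()
        if inline_tag:  # inside <ca>...</ca> etc.: embedded data, not directives
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            inline_tag = line[1:-1]
            continue
        if not line or line[0] in "#;":  # blank lines and comments
            continue
        parts = line.split()
        if parts[0] in CIPHER_DIRECTIVES and len(parts) > 1:
            ciphers += [c.upper() for c in parts[1].split(":")]  # colon-separated list
        elif parts[0] == "auth" and len(parts) > 1:
            auth = parts[1].upper()
    return {"ciphers": ciphers, "auth": auth}

def needs_new_profile(profile_text, wanted="AES-256-GCM"):
    """True when the profile never names the cipher now set on the firewall."""
    return wanted not in declared_settings(profile_text)["ciphers"]

# Constructed sample profiles; the line inside <ca> is a decoy that must be ignored.
OLD_PROFILE = """client
dev tun
remote vpn.example.com 443
cipher AES-256-CBC
auth SHA256
<ca>
cipher AES-256-GCM
</ca>
"""
NEW_PROFILE = OLD_PROFILE.replace("cipher AES-256-CBC", "cipher AES-256-GCM", 1)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        print(path, "REGENERATE" if needs_new_profile(text) else "ok",
              declared_settings(text))
```

Run it with one or more profile paths as arguments; each file is reported as `ok` or `REGENERATE` together with the ciphers it declares.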