| 
|  | sys_attrs_ipsec(5)Contents |  
        sys_attrs_ipsec - ipsec subsystem attributes
        This reference page lists and describes attributes for the
       Internet Protocol Security (ipsec) kernel subsystem. Refer
       to  the sys_attrs(5) reference page for an introduction to
       the topic of kernel subsystem attributes.
              A value that enables (1) or disables (0) the  ability
  of  IPsec  to intercept packets when ipsecd is
              not running. If  ipsecd  is  not  running  and  the
              attribute  is  enabled, packets will be dropped. By
              default, this attribute is enabled  when  IPsec  is
              started by using the normal startup procedures.
              Default value: 1 (enabled)
              Do  not modify this attribute unless you understand
              the security consequences for your system.  If  you
              disable  this  attribute,  you might send sensitive
              traffic without IPsec protection or receive traffic
              that should be blocked.
              A value that enables (1) or disables (0) a system's
              ability to pass traffic to and receive traffic from
              a  cluster  interconnect interface without Internet
              Protocol Security (IPsec) processing.
              Default value: 1 (enabled)
              We recommend that this attribute remain enabled. If
              you disable this attribute, you must then configure
              an IPsec policy to include the cluster interconnect
              addresses.  However, even with an IPsec policy configured,
 it is not possible to secure  all  cluster
              interconnect traffic with IPsec as the cluster generates
  traffic  before  the  security  policy   is
              started.  See  the  Network Administration: Connections
 manual for more information about configuring
              IPsec.
              The time interval between updates of IPsec Security
              Association (SA) statistics by the kernel.  If  you
              have  a  very  large  number  of  SAs, increase the
              stats_update_interval value to reduce the  overhead
              of maintaining the statistics.
              Default value: 5 (seconds)
              Minimum value: 1
              Maximum value: 60
       sys_attrs(5)
       Network Administration: Connections
       System Configuration and Tuning
                                               sys_attrs_ipsec(5)
[ Back ] |