sys_attrs_ipsec(5)sys_attrs_ipsec(5)NAMEsys_attrs_ipsec - ipsec subsystem attributes
DESCRIPTION
This reference page lists and describes attributes for the Internet
Protocol Security (ipsec) kernel subsystem. Refer to the sys_attrs(5)
reference page for an introduction to the topic of kernel subsystem
attributes.
A value that enables (1) or disables (0) the ability of IPsec to
intercept packets when ipsecd is not running. If ipsecd is not
running and the attribute is enabled, packets will be dropped.
By default, this attribute is enabled when IPsec is started by
using the normal startup procedures.
Default value: 1 (enabled)
Do not modify this attribute unless you understand the security
consequences for your system. If you disable this attribute, you
might send sensitive traffic without IPsec protection or receive
traffic that should be blocked.
A value that enables (1) or disables (0) a system's ability to
pass traffic to and receive traffic from a cluster interconnect
interface without Internet Protocol Security (IPsec) processing.
Default value: 1 (enabled)
We recommend that this attribute remain enabled. If you disable
this attribute, you must then configure an IPsec policy to
include the cluster interconnect addresses. However, even with
an IPsec policy configured, it is not possible to secure all
cluster interconnect traffic with IPsec as the cluster generates
traffic before the security policy is started. See the Network
Administration: Connections manual for more information about
configuring IPsec.
The time interval between updates of IPsec Security Association
(SA) statistics by the kernel. If you have a very large number
of SAs, increase the stats_update_interval value to reduce the
overhead of maintaining the statistics.
Default value: 5 (seconds)
Minimum value: 1
Maximum value: 60
SEE ALSOsys_attrs(5)
Network Administration: Connections
System Configuration and Tuning
sys_attrs_ipsec(5)
