• SonicWALL certificates—each SonicWALL appliance obtains a certificate from the SonicWALL Certificate Authority (CA). Security and authentication keys are exchanged using public-key cryptography and authenticity of each node is verified by the SonicWALL CA.
After the SA expires, the SonicWALL appliances reestablish an SA using the same public keys, but the security and authentication keys are different. If one set of security and authentication keys is compromised by an outside party, that party is unable to compromise the next set of keys.
• Third-party certificates—the SonicWALL appliance and peer device obtain certificates from the third-party certificate authorities. Security and authentication keys are exchanged using public-key cryptography and authenticity of each node is verified by the third-party CA.
After the SA expires, the peers reestablish an SA using the same public keys, but do not use the same security and authentication keys.
• Pre-shared secret—each SonicWALL appliance has a shared secret that is used to establish an SA.
After the SA expires, the SonicWALL appliances reestablish an SA using the same public keys, but do not use the same security and authentication keys.
• Pre-exchanged security and authentication keys—keys are exchanged in advance.
The SA always uses the same encryption and authentication keys. If the keys are compromised by an outside party, they remain compromised until the keys are changed.
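The difference between the negotiated methods and pre-exchanged keys, as an added example that is not SonicWALL code: a simplified Python model in which each negotiation mixes a long-term secret with fresh nonces and an ephemeral Diffie-Hellman value, while the manual SA reuses its configured keys. The derivation, the toy group parameters, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters, an assumption for illustration only;
# this is not a group to use in a real VPN.
P = 2**255 - 19
G = 2


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def negotiate_sa(long_term_secret: bytes) -> dict:
    """Model one SA negotiation: fresh nonces and DH exponents each time."""
    nonce_i, nonce_r = secrets.token_bytes(16), secrets.token_bytes(16)
    x = secrets.randbelow(P - 3) + 2   # initiator's ephemeral exponent
    y = secrets.randbelow(P - 3) + 2   # responder's ephemeral exponent
    # Each peer sends G^x or G^y and both arrive at the same shared value.
    shared = pow(pow(G, y, P), x, P)
    if shared != pow(pow(G, x, P), y, P):
        raise RuntimeError("peers disagree on the shared value")
    # The long-term secret is mixed in so only the configured peers derive
    # the keys; the ephemeral shared value makes each SA's keys independent.
    seed = prf(long_term_secret, nonce_i + nonce_r)
    keymat = prf(seed, shared.to_bytes(32, "big") + nonce_i + nonce_r)
    return {"encryption": prf(keymat, b"enc"),
            "authentication": prf(keymat, b"auth")}


def manual_sa(enc_key: bytes, auth_key: bytes) -> dict:
    """Pre-exchanged keys: the SA uses exactly what was configured."""
    return {"encryption": enc_key, "authentication": auth_key}


def keys_reused(sa_a: dict, sa_b: dict) -> bool:
    """True if any key in one SA also protects the other SA."""
    return any(hmac.compare_digest(sa_a[k], sa_b[k])
               for k in ("encryption", "authentication"))


if __name__ == "__main__":
    secret = b"constructed-sample-secret"  # constructed sample value
    print("negotiated SAs share keys:",
          keys_reused(negotiate_sa(secret), negotiate_sa(secret)))
    fixed = (secrets.token_bytes(32), secrets.token_bytes(32))
    print("manual SAs share keys:",
          keys_reused(manual_sa(*fixed), manual_sa(*fixed)))
```

When auditing VPN policies, the same check applies in practice: a policy using pre-exchanged keys needs a documented manual rotation schedule, because nothing in the protocol replaces those keys.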