Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    pfs group

    Syntax

    pfs group { 1 | 2 | 5 }

    no pfs group

    Release Information

    Command introduced before JunosE Release 7.1.0.
    IPsec Tunnel Profile mode added in JunosE Release 7.3.0.

    Description

    Configures perfect forward secrecy for connections created with this IPsec transport or tunnel profile by assigning a Diffie-Hellman prime modulus group. The no version removes PFS from the profile.

    Options

    • 1—768-bit Diffie-Hellman prime modulus group
    • 2—1024-bit Diffie-Hellman prime modulus group
    • 5—1536-bit Diffie-Hellman prime modulus group

    Mode

    IPsec Transport Profile Configuration, IPsec Tunnel Profile Configuration

    Published: 2014-08-18