IPset Network Segmentation Virtual Tunnel Interface (VTI) Encapsulating Security Payload (ESP) Network Address Translation (NAT) Source/Destination Check Subnet TLS Cipher Suite VPC 3DES Advanced Encryption Standard Autonomous System Border Gateway Protocol CIDR Clientpack Destination NAT Diffie-Helman Encryption Internet Key Exchange (IKE) IP Forwarding Maximum Transmission Unit (MTU) Network Sniffer OpenVPN Overlay Network Perfect Forward Secrecy (PFS) Security Association (SA) SHA SNMP Transmission Control Protocol (TCP) Transport Layer Security (TLS) User Datagram Protocol (UDP) VNS3 Peer VNS3 Routing Agent Wireguard Workforce Service Edge x509 Certificate Ipsec

Perfect Forward Secrecy (PFS)

Perfect Forward Secrecy is about reducing the risk of a private key being compromised. If a private key used for an IPsec connection is compromised, the attacker can potentially now decrypt other sessions. With PFS, a unique session key is generated for every session a user initiates. So in the case that session’s private key is compromised, it will not affect any other session. The only data compromised will be that of the specific session for which the key was generated.

If using PFS with IPsec, you specific a Diffie Helman Group for Phase 2 of the connection. Now a diffie helman exchange will occur each time a new SA is negotiated.