|
Posted by =?Utf-8?B?VGlt?= on August 28, 2008, 7:44 am
If you were Registered and logged in, you could reply and use other advanced thread options
Thanks for responding so quickly, but your answers left me with a few more
questions. For example, I'm not sure why I would create an IPSec policy I
don't plan to use. Second, how is doing nothing an attractive option when
we're taking a performance hit because of it? Also, I've read that IPSec is
supposed to be disabled by default; is that not the case and, if it is,
shouldn't I disable it until or unless I need it? I'm not trying to be
difficult; I just need to understand this stuff better. Thanks again.
"S. Pidgorny <MVP>" wrote:
> G'day,
>
> The answers: no, and by creating IPsec policy in a GPO applying to all
> servers.
>
> To elaborate on the answer to the #1: do nothing is viable and
> attractive option in your case. Only change defaults if you have good
> reasons to do so.
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
> Tim wrote:
> > I have a bunch of servers in my environment that have IPSec enabled but not
> > configured; some of theose servers are having serious performance issues,
but
> > if I stop and disable the IPSec service, the performance issues go away. I
> > have read some articles that say that IPSec should only be enabled if it's
> > going to be configured, but I'm not that familiar with IPSec. I have two
> > questions:
> >
> > 1. Is the statement that IPSec should only be enabled if it's going to be
> > configured and used a valid statement?
> >
> > 2. What's the easiest way - besides opening the IPSec Snap-In on every
> > server and checking for policies - to know whether or not a server is
> > actually using IPSec policies?
> >
> >
> > Thanks in advance for your help!
>
>
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map