To help federal and government agencies meet their compliance requirements, GlobalProtect® gateways now supports standardized Internet Key Exchange version 2 (IKEv2). Standardized IKEv2 provides a more efficient connection process by using a four-message exchange instead of the eight messages required by IKEv1. This implementation includes built-in Network Address Translation (NAT) Traversal using UDP encapsulation on port 4500 and built-in health checks that automatically re-establish tunnels if a connection is interrupted. In addiiton, IKEv2 enhances resiliency against denial-of-service (DoS) attacks through improved peer validation before the system performs heavy cryptographic tasks.

For information on how to enable IKEv2 on a GlobalProtect gateway, see Configure a GlobalProtect Gateway.