Given that the conversion tool ignores this completely, I am having trouble deciphering how to translate this line from my SSG.
basically I have this
set ike p2-proposal "nopfs-esp-aes256-sha" no-pfs esp aes256 sha-1 second 28800
which I'm guessing should translate to something like this on the SRX
proposal nopfs-esp-aes256-sha {
authentication-algorithm hmac-sha1-96;
encryption-algorithm aes-256-cbc;
lifetime-seconds 28800;
}but what I am unsure of is how "no-pfs" enters the picture. I'm guessing with this command missing, that it just is a default of nothing? Has anyone encountered this? thanks for any help. Docomentation says nothing on the SRX about "NO" pfs so I am confused.