IPSEC IKEv2 phase1 encryption algorithm

Leave a reply

IKEv2 phase1 encryption algorithm

The default encryption algorithm is:

aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256

DES is a symmetric-key algorithm which means the same key is used for encrypting and decrypting data. FortiGate supports:

  • des-md5 l des-sha1 l des-sha256 l des-sha384 l des-sha512

3DES apply DES algorithm three times to each data. FortiGate supports:

  • 3des-md5 l 3des-sha1 l 3des-sha256 l 3des-sha384 l 3des-sha512

AES is a symmetric-key algorithm with different key length: 128, 192, and 256 bits. FortiGate supports:

  • aes128-md5 l aes128-sha1 l aes128-sha256 l aes128-sha384 l aes128-sha512 l aes128gcm-prfsha1 l aes128gcm-prfsha256 l aes128gcm-prfsha384 l aes128gcm-prfsha512 l aes192-md5 l aes192-sha1 l aes192-sha256 l aes192-sha384 l aes192-sha512 l aes256-md5 l aes256-sha1 l aes256-sha256 l aes256-sha384 l aes256-sha512 l aes256gcm-prfsha1 l aes256gcm-prfsha256 aes256gcm-prfsha384 aes256gcm-prfsha512

The ARIA algorithm is based on AES with different key length: 128, 192, and 256 bits. FortiGate supports:

  • aria128-md5 l aria128-sha1 l aria128-sha256 l aria128-sha384 l aria128-sha512 l aria192-md5 l aria192-sha1 l aria192-sha256 l aria192-sha384 l aria192-sha512 l aria256-md5 l aria256-sha1 l aria256-sha256 l aria256-sha384 l aria256-sha512

In chacha20poly1305 encryption algorithm, FortiGate supports:

  • chacha20poly1305-prfsha1 l chacha20poly1305-prfsha256 l chacha20poly1305-prfsha384 l chacha20poly1305-prfsha512

SEED is a symmetric-key algorithm. FortiGate supports:

  • seed128-md5 l seed128-sha1 l seed128-sha256 l seed128-sha384 l seed128-sha512

Suite-B is a set of encryption algorithm, AES encryption with ICV in GCM mode. FortiGate supports Suite-B on new kernel platforms only. IPsec traffic cannot offload to NPU. CP9 supports Suite-B offloading, otherwise packets are encrypted and decrypted by software. FortiGate supports:

  • suite-b-gcm-128 l suite-b-gcm-256
This entry was posted in Administration Guides, FortiGate, FortiOS 6.2 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.