IKEv1 phase2 encryption algorithm
The default encryption algorithm is:
aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305 In null encryption, IPsec traffic can offload NPU/CP. FortiGate supports:
- null-md5 l null-sha1 l null-sha256 l null-sha384 l null-sha512
In DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiGate supports:
- des-null l des-md5 l des-sha1 l des-sha256 l des-sha384 l des-sha512
In 3DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiGate supports:
- 3des-null l 3des-md5 l 3des-sha1 l 3des-sha256 l 3des-sha384 l 3des-sha512
In AES encryption algorithm, IPsec traffic can offload NPU/CP. FortiGate supports:
- aes128-null l aes128-md5 l aes128-sha1 aes128-sha256 aes128-sha384 l aes128-sha512 l aes192-null l aes192-md5 l aes192-sha1 l aes192-sha256 l aes192-sha384 l aes192-sha512 l aes256-null l aes256-md5 l aes256-sha1 l aes256-sha256 l aes256-sha384 l aes256-sha512
In AESGCM encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiGate supports:
- aes128gcm l aes256gcm
In chacha20poly1305 encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiGate supports:
- chacha20poly1305
In ARIA encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiGate supports:
- aria128-null l aria128-md5 l aria128-sha1 l aria128-sha256 l aria128-sha384 l aria128-sha512 l aria192-null l aria192-md5 l aria192-sha1 l aria192-sha256 l aria192-sha384 l aria192-sha512 l aria256-null l aria256-md5 l aria256-sha1 l aria256-sha256 l aria256-sha384 l aria256-sha512
In SEED encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiGate supports:
- seed-null l seed-md5 l seed-sha1 seed-sha256 seed-sha384 l seed-sha512
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!