IPSEC IKEv2 phase2 encryption algorithm

IKEv2 phase2 encryption algorithm

The default encryption algorithm is:

aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305 In null encryption, IPsec traffic can offload NPU/CP. FortiGate supports:

• null-md5 l null-sha1 l null-sha256 null-sha384 null-sha512

In DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiGate supports:

• des-null l des-md5 l des-sha1 l des-sha256 l des-sha384 l des-sha512

In 3DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiGate supports:

• 3des-null l 3des-md5 l 3des-sha1 l 3des-sha256 l 3des-sha384 l 3des-sha512

In AES encryption algorithm, IPsec traffic can offload NPU/CP. FortiGate supports:

• aes128-null l aes128-md5 l aes128-sha1 l aes128-sha256 l aes128-sha384 l aes128-sha512 l aes192-null l aes192-md5 l aes192-sha1 l aes192-sha256 l aes192-sha384 l aes192-sha512 l aes256-null l aes256-md5 l aes256-sha1 l aes256-sha256 l aes256-sha384 l aes256-sha512

In AESGCM encryption algorithm, IPsec traffic cannot offload NPU. CP9 supports AESGCM offloading. FortiGate supports:

• aes128gcm l aes256gcm

In chacha20poly1305 encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiGate supports:

• chacha20poly1305

In ARIA encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiGate supports:

• aria128-null l aria128-md5 l aria128-sha1 l aria128-sha256 l aria128-sha384 l aria128-sha512 l aria192-null l aria192-md5 l aria192-sha1 l aria192-sha256 l aria192-sha384 l aria192-sha512 l aria256-null l aria256-md5 l aria256-sha1 l aria256-sha256 l aria256-sha384 l aria256-sha512

In SEED encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiGate supports:

• seed-null l seed-md5 l seed-sha1 l seed-sha256 l seed-sha384 l seed-sha512