IPSEC IKEv2 phase2 encryption algorithm

IKEv2 phase2 encryption algorithm

The default encryption algorithm is:

aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305 In null encryption, IPsec traffic can offload NPU/CP. FortiGate supports:

  • null-md5 l null-sha1 l null-sha256 null-sha384 null-sha512

In DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiGate supports:

  • des-null l des-md5 l des-sha1 l des-sha256 l des-sha384 l des-sha512

In 3DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiGate supports:

  • 3des-null l 3des-md5 l 3des-sha1 l 3des-sha256 l 3des-sha384 l 3des-sha512

In AES encryption algorithm, IPsec traffic can offload NPU/CP. FortiGate supports:

  • aes128-null l aes128-md5 l aes128-sha1 l aes128-sha256 l aes128-sha384 l aes128-sha512 l aes192-null l aes192-md5 l aes192-sha1 l aes192-sha256 l aes192-sha384 l aes192-sha512 l aes256-null l aes256-md5 l aes256-sha1 l aes256-sha256 l aes256-sha384 l aes256-sha512

In AESGCM encryption algorithm, IPsec traffic cannot offload NPU. CP9 supports AESGCM offloading. FortiGate supports:

  • aes128gcm l aes256gcm

In chacha20poly1305 encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiGate supports:

  • chacha20poly1305

 

In ARIA encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiGate supports:

  • aria128-null l aria128-md5 l aria128-sha1 l aria128-sha256 l aria128-sha384 l aria128-sha512 l aria192-null l aria192-md5 l aria192-sha1 l aria192-sha256 l aria192-sha384 l aria192-sha512 l aria256-null l aria256-md5 l aria256-sha1 l aria256-sha256 l aria256-sha384 l aria256-sha512

In SEED encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiGate supports:

  • seed-null l seed-md5 l seed-sha1 l seed-sha256 l seed-sha384 l seed-sha512

Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU