IKEv2 phase1 encryption algorithm
The default encryption algorithm is:
aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
DES is a symmetric-key algorithm which means the same key is used for encrypting and decrypting data. FortiGate supports:
- des-md5 l des-sha1 l des-sha256 l des-sha384 l des-sha512
3DES apply DES algorithm three times to each data. FortiGate supports:
- 3des-md5 l 3des-sha1 l 3des-sha256 l 3des-sha384 l 3des-sha512
AES is a symmetric-key algorithm with different key length: 128, 192, and 256 bits. FortiGate supports:
- aes128-md5 l aes128-sha1 l aes128-sha256 l aes128-sha384 l aes128-sha512 l aes128gcm-prfsha1 l aes128gcm-prfsha256 l aes128gcm-prfsha384 l aes128gcm-prfsha512 l aes192-md5 l aes192-sha1 l aes192-sha256 l aes192-sha384 l aes192-sha512 l aes256-md5 l aes256-sha1 l aes256-sha256 l aes256-sha384 l aes256-sha512 l aes256gcm-prfsha1 l aes256gcm-prfsha256 aes256gcm-prfsha384 aes256gcm-prfsha512
The ARIA algorithm is based on AES with different key length: 128, 192, and 256 bits. FortiGate supports:
- aria128-md5 l aria128-sha1 l aria128-sha256 l aria128-sha384 l aria128-sha512 l aria192-md5 l aria192-sha1 l aria192-sha256 l aria192-sha384 l aria192-sha512 l aria256-md5 l aria256-sha1 l aria256-sha256 l aria256-sha384 l aria256-sha512
In chacha20poly1305 encryption algorithm, FortiGate supports:
- chacha20poly1305-prfsha1 l chacha20poly1305-prfsha256 l chacha20poly1305-prfsha384 l chacha20poly1305-prfsha512
SEED is a symmetric-key algorithm. FortiGate supports:
- seed128-md5 l seed128-sha1 l seed128-sha256 l seed128-sha384 l seed128-sha512
Suite-B is a set of encryption algorithm, AES encryption with ICV in GCM mode. FortiGate supports Suite-B on new kernel platforms only. IPsec traffic cannot offload to NPU. CP9 supports Suite-B offloading, otherwise packets are encrypted and decrypted by software. FortiGate supports:
- suite-b-gcm-128 l suite-b-gcm-256