IKEv2 phase2 encryption algorithm
The default encryption algorithm is:
aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305 In null encryption, IPsec traffic can offload NPU/CP. FortiGate supports:
- null-md5 l null-sha1 l null-sha256 null-sha384 null-sha512
In DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiGate supports:
- des-null l des-md5 l des-sha1 l des-sha256 l des-sha384 l des-sha512
In 3DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiGate supports:
- 3des-null l 3des-md5 l 3des-sha1 l 3des-sha256 l 3des-sha384 l 3des-sha512
In AES encryption algorithm, IPsec traffic can offload NPU/CP. FortiGate supports:
- aes128-null l aes128-md5 l aes128-sha1 l aes128-sha256 l aes128-sha384 l aes128-sha512 l aes192-null l aes192-md5 l aes192-sha1 l aes192-sha256 l aes192-sha384 l aes192-sha512 l aes256-null l aes256-md5 l aes256-sha1 l aes256-sha256 l aes256-sha384 l aes256-sha512
In AESGCM encryption algorithm, IPsec traffic cannot offload NPU. CP9 supports AESGCM offloading. FortiGate supports:
- aes128gcm l aes256gcm
In chacha20poly1305 encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiGate supports:
- chacha20poly1305
In ARIA encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiGate supports:
- aria128-null l aria128-md5 l aria128-sha1 l aria128-sha256 l aria128-sha384 l aria128-sha512 l aria192-null l aria192-md5 l aria192-sha1 l aria192-sha256 l aria192-sha384 l aria192-sha512 l aria256-null l aria256-md5 l aria256-sha1 l aria256-sha256 l aria256-sha384 l aria256-sha512
In SEED encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiGate supports:
- seed-null l seed-md5 l seed-sha1 l seed-sha256 l seed-sha384 l seed-sha512