Encryption algorithms
This topic provides a brief introduction to IPsec phase 1 and phase 2 encryption algorithms and includes the following sections:
- IKEv1 phase 1 encryption algorithm
- IKEv1 phase 2 encryption algorithm
- IKEv2 phase 1 encryption algorithm
- IKEv2 phase 2 encryption algorithm
- HMAC settings
IKEv1 phase 1 encryption algorithm
The default encryption algorithm is:
aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:
- des-md5
- des-sha1
- des-sha256
- des-sha384
- des-sha512
3DES applies the DES algorithm three times to each data block. FortiOS supports:
- 3des-md5
- 3des-sha1
- 3des-sha256
- 3des-sha384
- 3des-sha512
AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:
- aes128-md5
- aes128-sha1
- aes128-sha256
- aes128-sha384
- aes128-sha512
- aes192-md5
- aes192-sha1
- aes192-sha256
- aes192-sha384
- aes192-sha512
- aes256-md5
- aes256-sha1
- aes256-sha256
- aes256-sha384
- aes256-sha512
The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:
- aria128-md5
- aria128-sha1
- aria128-sha256
- aria128-sha384
- aria128-sha512
- aria192-md5
- aria192-sha1
- aria192-sha256
- aria192-sha384
- aria192-sha512
- aria256-md5
- aria256-sha1
- aria256-sha256
- aria256-sha384
- aria256-sha512
SEED is a symmetric-key algorithm. FortiOS supports:
- seed128-md5
- seed128-sha1
- seed128-sha256
- seed128-sha384
- seed128-sha512
Suite-B is a set of AES encryption algorithms with ICV in GCM mode. FortiOS supports Suite-B on new kernel platforms only (kernel version 3 and above). IPsec traffic can be offloaded on NP6XLite and NP7 platforms. It cannot be offloaded on other NP6 processors and below. CP9 supports Suite-B offloading; otherwise, packets are encrypted and decrypted by software. FortiOS supports:
- suite-b-gcm-128
- suite-b-gcm-256
See Network processors (NP6, NP6XLite, NP6Lite, and NP4) and CP9, CP9XLite, and CP9Lite capabilities in the Hardware Acceleration guide for more information.
IKEv1 phase 2 encryption algorithm
The default encryption algorithm is:
aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305
With null encryption, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- null-md5
- null-sha1
- null-sha256
- null-sha384
- null-sha512
With the DES encryption algorithm, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- des-null
- des-md5
- des-sha1
- des-sha256
- des-sha384
- des-sha512
With the 3DES encryption algorithm, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- 3des-null
- 3des-md5
- 3des-sha1
- 3des-sha256
- 3des-sha384
- 3des-sha512
With the AES encryption algorithm, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- aes128-null
- aes128-md5
- aes128-sha1
- aes128-sha256
- aes128-sha384
- aes128-sha512
- aes192-null
- aes192-md5
- aes192-sha1
- aes192-sha256
- aes192-sha384
- aes192-sha512
- aes256-null
- aes256-md5
- aes256-sha1
- aes256-sha256
- aes256-sha384
- aes256-sha512
With the AESGCM encryption algorithm, IPsec traffic cannot be offloaded to the NPU/CP. FortiOS supports:
- aes128gcm
- aes256gcm
With the chacha20poly1305 encryption algorithm, IPsec traffic cannot be offloaded to the NPU/CP. FortiOS supports:
- chacha20poly1305
With the ARIA encryption algorithm, IPsec traffic cannot be offloaded to the NPU/CP. FortiOS supports:
- aria128-null
- aria128-md5
- aria128-sha1
- aria128-sha256
- aria128-sha384
- aria128-sha512
- aria192-null
- aria192-md5
- aria192-sha1
- aria192-sha256
- aria192-sha384
- aria192-sha512
- aria256-null
- aria256-md5
- aria256-sha1
- aria256-sha256
- aria256-sha384
- aria256-sha512
With the SEED encryption algorithm, IPsec traffic cannot be offloaded to the NPU/CP. FortiOS supports:
- seed-null
- seed-md5
- seed-sha1
- seed-sha256
- seed-sha384
- seed-sha512
IKEv2 phase 1 encryption algorithm
The default encryption algorithm is:
aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:
- des-md5
- des-sha1
- des-sha256
- des-sha384
- des-sha512
3DES applies the DES algorithm three times to each data block. FortiOS supports:
- 3des-md5
- 3des-sha1
- 3des-sha256
- 3des-sha384
- 3des-sha512
AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:
- aes128-md5
- aes128-sha1
- aes128-sha256
- aes128-sha384
- aes128-sha512
- aes128gcm-prfsha1
- aes128gcm-prfsha256
- aes128gcm-prfsha384
- aes128gcm-prfsha512
- aes192-md5
- aes192-sha1
- aes192-sha256
- aes192-sha384
- aes192-sha512
- aes256-md5
- aes256-sha1
- aes256-sha256
- aes256-sha384
- aes256-sha512
- aes256gcm-prfsha1
- aes256gcm-prfsha256
- aes256gcm-prfsha384
- aes256gcm-prfsha512
The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:
- aria128-md5
- aria128-sha1
- aria128-sha256
- aria128-sha384
- aria128-sha512
- aria192-md5
- aria192-sha1
- aria192-sha256
- aria192-sha384
- aria192-sha512
- aria256-md5
- aria256-sha1
- aria256-sha256
- aria256-sha384
- aria256-sha512
With the chacha20poly1305 encryption algorithm, FortiOS supports:
- chacha20poly1305-prfsha1
- chacha20poly1305-prfsha256
- chacha20poly1305-prfsha384
- chacha20poly1305-prfsha512
SEED is a symmetric-key algorithm. FortiOS supports:
- seed128-md5
- seed128-sha1
- seed128-sha256
- seed128-sha384
- seed128-sha512
Suite-B is a set of AES encryption algorithms with ICV in GCM mode. FortiOS supports Suite-B on new kernel platforms only (kernel version 3 and above). IPsec traffic can be offloaded on NP6XLite and NP7 platforms. It cannot be offloaded on other NP6 processors and below. CP9 supports Suite-B offloading; otherwise, packets are encrypted and decrypted by software. FortiOS supports:
- suite-b-gcm-128
- suite-b-gcm-256
See Network processors (NP6, NP6XLite, NP6Lite, and NP4) and CP9, CP9XLite, and CP9Lite capabilities in the Hardware Acceleration guide for more information.
IKEv2 phase 2 encryption algorithm
The default encryption algorithm is:
aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305
With null encryption, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- null-md5
- null-sha1
- null-sha256
- null-sha384
- null-sha512
With the DES encryption algorithm, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- des-null
- des-md5
- des-sha1
- des-sha256
- des-sha384
- des-sha512
With the 3DES encryption algorithm, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- 3des-null
- 3des-md5
- 3des-sha1
- 3des-sha256
- 3des-sha384
- 3des-sha512
With the AES encryption algorithm, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- aes128-null
- aes128-md5
- aes128-sha1
- aes128-sha256
- aes128-sha384
- aes128-sha512
- aes192-null
- aes192-md5
- aes192-sha1
- aes192-sha256
- aes192-sha384
- aes192-sha512
- aes256-null
- aes256-md5
- aes256-sha1
- aes256-sha256
- aes256-sha384
- aes256-sha512
With the AESGCM encryption algorithm, IPsec traffic cannot be offloaded to the NPU. CP9 supports AESGCM offloading. FortiOS supports:
- aes128gcm
- aes256gcm
With the chacha20poly1305 encryption algorithm, IPsec traffic cannot be offloaded to the NPU/CP. FortiOS supports:
- chacha20poly1305
With the ARIA encryption algorithm, IPsec traffic cannot be offloaded to the NPU/CP. FortiOS supports:
- aria128-null
- aria128-md5
- aria128-sha1
- aria128-sha256
- aria128-sha384
- aria128-sha512
- aria192-null
- aria192-md5
- aria192-sha1
- aria192-sha256
- aria192-sha384
- aria192-sha512
- aria256-null
- aria256-md5
- aria256-sha1
- aria256-sha256
- aria256-sha384
- aria256-sha512
With the SEED encryption algorithm, IPsec traffic cannot be offloaded to the NPU/CP. FortiOS supports:
- seed-null
- seed-md5
- seed-sha1
- seed-sha256
- seed-sha384
- seed-sha512
HMAC settings
The FortiGate uses the HMAC based on the authentication proposal that is chosen in phase 1 or phase 2 of the IPsec configuration. Each proposal consists of an encryption-hash pair (such as 3des-sha256). The FortiGate matches the most secure proposal to negotiate with the peer.
To view the chosen proposal and the HMAC hash used:
# diagnose vpn ike gateway list
vd: root/0
name: MPLS
version: 1
interface: port1 3
addr: 192.168.2.5:500 -> 10.10.10.1:500
virtual-interface-addr: 172.31.0.2 -> 172.31.0.1
created: 1015820s ago
IKE SA: created 1/13 established 1/13 time 10/1626/21010 ms
IPsec SA: created 1/24 established 1/24 time 0/11/30 ms
id/spi: 124 43b087dae99f7733/6a8473e58cd8990a
direction: responder
status: established 68693-68693s ago = 10ms
proposal: 3des-sha256
key: e0fa6ab8dc509b33-aa2cc549999b1823-c3cb9c337432646e
lifetime/rekey: 86400/17436
DPD sent/recv: 000001e1/00000000
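When many tunnels need review, the negotiated proposal can be checked by script. The following is an added example, not Fortinet code: it parses proposal names in the formats listed in this topic and reports gateways whose chosen proposal uses a cipher or hash that the example's own policy treats as legacy. The sample text, the function names, and the legacy sets are assumptions made for illustration.

```python
import re

# Constructed sample shaped like the `diagnose vpn ike gateway list` output above.
SAMPLE = """\
vd: root/0
name: MPLS
addr: 192.168.2.5:500 -> 10.10.10.1:500
proposal: 3des-sha256
name: BRANCH
proposal: aes256gcm-prfsha384
"""

# Assumption of this example, not a FortiOS classification: what counts as legacy.
LEGACY_CIPHERS = {"null", "des", "3des"}
LEGACY_HASHES = {"null", "md5", "sha1"}

PROPOSAL_RE = re.compile(
    r"(?P<cipher>null|des|3des|aes|aria|seed|chacha20poly1305)"
    r"(?P<bits>128|192|256)?(?P<gcm>gcm)?"
    r"(?:-(?P<prf>prf)?(?P<hash>null|md5|sha1|sha256|sha384|sha512))?")

def parse_proposal(name):
    """Split a proposal name into cipher, key bits, AEAD flag and digest.
    The digest is the HMAC hash, or the PRF hash for the *-prf* phase 1 names."""
    suite_b = re.fullmatch(r"suite-b-gcm-(128|256)", name)
    if suite_b:  # this topic describes Suite-B as AES in GCM mode
        return {"cipher": "aes", "bits": int(suite_b[1]), "aead": True, "digest": None}
    m = PROPOSAL_RE.fullmatch(name)
    if not m:
        raise ValueError(f"unrecognised proposal: {name!r}")
    aead = bool(m["gcm"]) or m["cipher"] == "chacha20poly1305"
    return {"cipher": m["cipher"], "bits": int(m["bits"]) if m["bits"] else None,
            "aead": aead, "digest": m["hash"]}

def findings(name):
    """List the legacy components of one proposal under the policy above."""
    p = parse_proposal(name)
    out = [f"cipher {p['cipher']}"] if p["cipher"] in LEGACY_CIPHERS else []
    if p["digest"] in LEGACY_HASHES:
        out.append(f"hash {p['digest']}")
    return out

def audit(text):
    """Map gateway name -> findings for every gateway with a flagged proposal."""
    report, gateway = {}, None
    for line in text.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "name":
            gateway = value
        elif key == "proposal" and gateway and findings(value):
            report[gateway] = findings(value)
    return report
```

Calling `audit()` on saved command output returns only the gateways that need attention; adjust the two legacy sets to match local policy.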