FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
alif
Staff
Staff
Article Id 411954
Description This article describes the FortiGate compliance with BSI TR-02102-3 (2025-01).
Scope FortiGate.
Solution

The following IKEv2 proposals running on FortiGate are considered compliant with the latest cryptographic recommendations outlined in the BSI Technical Guideline TR-02102-3: Cryptographic Mechanisms: Recommendations and Key Lengths, version 2025-01.

 

IANA Name IANA Number RFC FortiGate Equivalent(s)
ENCR_DES_CBC     DES  
      3DES 3DES_CBC
ENCR_AES_CBC 12 RFC 7296, RFC 3602 AES128 AES_CBC
ENCR_AES_CBC 12 RFC 7296, RFC 3602 AES192 AES_CBC
ENCR_AES_CBC 12 RFC 7296, RFC 3602 AES256 AES_CBC
ENCR_AES_GCM_16 20 RFC 5282, RFC 8247 AES128GCM AES_GCM_16 
ENCR_AES_GCM_16 20 RFC 5282, RFC 8247 AES256GCM AES_GCM_16 
ENCR_CHACHA20_POLY1305 28 RFC 7634 CHACHA20_POLY1305 CHACHA20_POLY1305
         
      MD5 AUTH_HMAC_MD5_96
      SHA1 AUTH_HMAC_SHA_96
AUTH_HMAC_SHA2_256_128 12 RFC 4868 SHA256 AUTH_HMAC_SHA2_256_128
AUTH_HMAC_SHA2_384_192 13 RFC 4868 SHA384 AUTH_HMAC_SHA2_384_192
AUTH_HMAC_SHA2_512_256 14 RFC 4868 SHA512 AUTH_HMAC_SHA2_512_256
         
PRF_HMAC_SHA     PRFSHA1 PRF_HMAC_SHA
PRF_HMAC_SHA2_256 5 RFC 4868 PRFSHA256 PRF_HMAC_SHA2_256
PRF_HMAC_SHA2_384 6 RFC 4868 PRFSHA384 PRF_HMAC_SHA2_384
PRF_HMAC_SHA2_512 7 RFC 4868 PRFSHA512

PRF_HMAC_SHA2_512

 

Related documents:

Technical Guideline TR-02102-1 -- Cryptographic Mechanisms: Recommendations and Key Lengths
Technical Guideline TR-02102-3 -- Cryptographic Mechanisms: Recommendations and Key Lengths

 

Contributors