nkorea
Staff
Article Id: 315548
Description: This article describes how to configure a PRF (Pseudo-random Function) algorithm on a FortiGate.
Scope: IKEv2 IPsec tunnel configuration on FortiGate.
Solution

How a FortiGate decides which PRF algorithm to send as part of an IKEv2 SA (Security Association) proposal depends on which Encryption algorithm is selected:

 

 

  1. A classic (non-AEAD) encryption algorithm, which uses a separate MAC alongside the encryption algorithm, is selected in the SA proposal (for example, AES-CBC ciphers). In such instances, the FortiGate only allows the configuration of an Authentication (or Integrity) algorithm. The algorithm selected as the Authentication algorithm is also sent as the PRF algorithm.
    As a result, with a non-AEAD encryption algorithm, only the Authentication/Integrity algorithm is user-configurable, and the same algorithm is sent as the PRF algorithm (which is not user-configurable) in the SA proposal.

  2. An AEAD (Authenticated Encryption with Associated Data) encryption algorithm is specified in the SA proposal (for example, AES-GCM or CHACHA20POLY1305). An AEAD algorithm does not need a separate Authentication/Integrity algorithm, so the PRF algorithm becomes user-configurable.

    Consequently, with AEAD algorithms, the PRF algorithm can no longer be derived from the Authentication algorithm and is explicitly configured.

    This can be verified in the configuration on a FortiGate. In the example below, note that the PRF algorithm is explicitly configured only with AEAD algorithms. It can also be verified by enabling IKE debugs or by capturing IKE negotiation packets and looking at the algorithms in the SA proposal.

 

 

Configuration Snippets:

 

FortiGate-61E (ipsec1) # show
config vpn ipsec phase1-interface
    edit "ipsec1"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set net-device disable
        set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
        set remote-gw 1.1.1.1
        set psksecret <>
    next
end

FortiGate-61E (ipsec1) # show full-configuration | grep prf

   set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256

 

Debug snippets (from IKEv2 responder):

Debug lines have the initiator and responder SPI snipped (39ebac6f60e09d93/0000000000000000).

 

ike:proposal id = 3:
ike:protocol = IKEv2:
ike:encapsulation = IKEv2/none
ike:type=ENCR, val=AES_CBC (key_len = 128)
ike:type=INTEGR, val=AUTH_HMAC_MD5_96
ike:type=PRF, val=PRF_HMAC_MD5  <- For non-AEAD encryption, PRF - same as Authentication algorithm.
ike:type=DH_GROUP, val=MODP2048.
ike:type=DH_GROUP, val=MODP1536.
ike:proposal id = 4:
ike:protocol = IKEv2:
ike:encapsulation = IKEv2/none
ike:type=ENCR, val=AES_GCM_16 (key_len = 256)
ike:type=PRF, val=PRF_HMAC_SHA2_512 <- For AEAD encryption, the configured PRF algorithm is sent.
ike:type=DH_GROUP, val=MODP2048.
ike:type=DH_GROUP, val=MODP1536.
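
The rule described above can be checked mechanically against captured IKE debug output. The following Python script is an added example, not part of the original article or any Fortinet tooling: it groups the `ike:type=..., val=...` lines by proposal and reports any proposal where the PRF does not follow the rule. Proposal 9 and the AEAD name prefixes other than AES_GCM are assumptions made for illustration.

```python
import re

# Proposals 3 and 4 are the article's debug lines (annotations and DH lines removed);
# proposal 9 is constructed here, with an assumed AUTH_ spelling, to show a mismatch.
SAMPLE = """\
ike:proposal id = 3:
ike:type=ENCR, val=AES_CBC (key_len = 128)
ike:type=INTEGR, val=AUTH_HMAC_MD5_96
ike:type=PRF, val=PRF_HMAC_MD5
ike:proposal id = 4:
ike:type=ENCR, val=AES_GCM_16 (key_len = 256)
ike:type=PRF, val=PRF_HMAC_SHA2_512
ike:proposal id = 9:
ike:type=ENCR, val=AES_CBC (key_len = 256)
ike:type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike:type=PRF, val=PRF_HMAC_SHA1
"""

AEAD_PREFIXES = ("AES_GCM", "AES_CCM", "CHACHA20")  # assumed spellings beyond AES_GCM

def parse_proposals(text):
    """Group 'ike:type=X, val=Y' lines under the preceding 'proposal id' line."""
    proposals, current = {}, None
    for line in text.splitlines():
        m = re.search(r"ike:proposal id = (\d+):", line)
        if m:
            current = proposals.setdefault(int(m.group(1)), {})
            continue
        m = re.search(r"ike:type=(\w+), val=(\w+)", line)
        if m and current is not None:
            current.setdefault(m.group(1), []).append(m.group(2))
    return proposals

def check_prf(transforms):
    """Return 'ok' or a description of how the proposal breaks the PRF rule."""
    encr = transforms.get("ENCR", [""])[0]
    integ, prf = transforms.get("INTEGR", []), transforms.get("PRF", [])
    if not prf:
        return "no PRF transform"
    if encr.startswith(AEAD_PREFIXES):
        return "ok" if not integ else "AEAD proposal carries INTEGR"
    # Non-AEAD: AUTH_HMAC_MD5_96 -> PRF_HMAC_MD5 (drop the truncation length).
    expected = {"PRF_" + re.sub(r"^AUTH_(.+)_\d+$", r"\1", a) for a in integ}
    return "ok" if set(prf) == expected else f"PRF {prf} != expected {sorted(expected)}"

def audit(text):
    return {pid: check_prf(t) for pid, t in parse_proposals(text).items()}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A mismatch on a non-AEAD proposal means the debug output does not come from the derivation this article describes, which is worth checking against the peer's configuration.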

 

Related documents: