Created on 07-05-2024 02:08 AM, edited on 12-09-2024 07:32 AM by Jean-Philippe_P
Description | This article describes the implementation of QKD for a site-to-site IPsec VPN. |
Scope | FortiOS 7.4.2. |
Solution |
Quantum Key Distribution (QKD) can be used in the FortiGate IPsec configuration to manage the key between the two tunnel endpoints via a Key Management Entity (KME). Each FortiGate authenticates to the KME with its own certificate, validates the KME's certificate against a configured peer (CA), and identifies itself with the ID the KME assigned to it.
FortiGate-A:
config user peer
    edit "qkdtest"
        set ca "CA_Cert"              <-- CA used to validate the KME's certificate.
    next
end
config vpn qkd
    edit "qkdtest"
        set server "10.100.0.1"       <-- IPv4, IPv6 or DNS address of the KME.
        set port 443                  <-- Port to connect to on the KME.
        set id "qkd00001"             <-- Quantum Key Distribution ID assigned by the KME.
        set peer "qkdtest"            <-- Authenticate the Quantum Key Device's certificate with the peer/peergrp.
        set certificate "client"      <-- Local certificate offered to the KME.
    next
end
FortiGate-B:
config user peer
    edit "qkdtest"
        set ca "CA_Cert"              <-- CA used to validate the KME's certificate.
    next
end
config vpn qkd
    edit "qkdtest"
        set server "10.100.0.1"       <-- IPv4, IPv6 or DNS address of the KME.
        set port 443                  <-- Port to connect to on the KME.
        set id "qkd00002"             <-- Quantum Key Distribution ID assigned by the KME.
        set peer "qkdtest"            <-- Authenticate the Quantum Key Device's certificate with the peer/peergrp.
        set certificate "client"      <-- Local certificate offered to the KME.
    next
end
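A pre-deployment consistency check over the two configurations above, added here as an example (it is not from the article or from FortiOS): it parses the CLI blocks and flags missing settings, a peer with no CA to validate the KME, and both ends sharing one QKD ID. The embedded sample configs are constructed from the article's values, and the rule that each end carries its own KME-assigned ID is assumed from the article's example.

```python
"""Pre-deployment check for the FortiGate-A / FortiGate-B QKD blocks above.
Added example, not part of the Fortinet article or FortiOS. Parses the CLI text and
flags missing settings, peers without a CA, and both ends sharing one QKD ID
(the article gives each end its own). The sample configs are constructed."""
import shlex

def parse_fortios(text):
    """Return {table: {entry: {key: value}}} from config/edit/set/next/end text."""
    tables, table, entry = {}, None, None
    for raw in text.splitlines():
        tok = shlex.split(raw.split("<--")[0])  # drop the article's '<--' notes
        if not tok:
            continue
        if tok[0] == "config":
            tables.setdefault(table := " ".join(tok[1:]), {})
        elif tok[0] == "edit":
            tables[table].setdefault(entry := tok[1], {})
        elif tok[0] == "set":
            tables[table][entry][tok[1]] = " ".join(tok[2:])
        elif tok[0] == "next":
            entry = None
        elif tok[0] == "end":
            table = None
    return tables

def check_qkd_pair(cfg_a, cfg_b):
    """Return a list of problems; an empty list means the pair looks consistent."""
    parsed, problems = {"A": parse_fortios(cfg_a), "B": parse_fortios(cfg_b)}, []
    for side, cfg in parsed.items():
        peers = cfg.get("user peer", {})
        for name, q in cfg.get("vpn qkd", {}).items():
            for key in ("server", "id", "peer", "certificate"):  # needed to reach the KME
                if key not in q:
                    problems.append(f"{side}/{name}: 'set {key}' is missing")
            peer = q.get("peer")
            if peer is not None and "ca" not in peers.get(peer, {}):
                problems.append(f"{side}/{name}: peer '{peer}' is undefined or has no CA to verify the KME")
    qa, qb = parsed["A"].get("vpn qkd", {}), parsed["B"].get("vpn qkd", {})
    for name in qa.keys() & qb.keys():  # same profile name configured on both ends
        if qa[name].get("id") and qa[name]["id"] == qb[name].get("id"):
            problems.append(f"{name}: both ends use QKD ID '{qa[name]['id']}'; each end needs its own")
    return problems

FGT_A = ('config user peer\nedit "qkdtest"\nset ca "CA_Cert"\nnext\nend\n'
         'config vpn qkd\nedit "qkdtest"\nset server "10.100.0.1"\nset port 443\n'
         'set id "qkd00001"\nset peer "qkdtest"\nset certificate "client"\nnext\nend')
FGT_B = FGT_A.replace('"qkd00001"', '"qkd00002"')

if __name__ == "__main__":
    print(check_qkd_pair(FGT_A, FGT_B))  # [] for the article's configuration
```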
The following commands show the status of the QKD profile and enable IKE debugging for troubleshooting:
diag vpn ike qkd qkdtest          <-- Show the QKD status for the profile "qkdtest".
diag debug application ike -1     <-- Enable all IKE debug messages.
diag debug enable
Note: QKD commands and support are hidden in v7.6.0 to address a known issue; they will be available again in v7.6.1. |