Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
duenlim
Staff
Staff

Created on ‎03-03-2025 12:48 AM

Article Id 379968

Technical Tip: Unable to configure enhancing security with Post-Quantum Cryptography (PQC Crystal-Kyber) for IPsec key exchange

Description This article describes how to enable the option for PQC Crystal-Kyber in IPsec tunnel.
Scope FortiGate v7.6.1.
Solution
  1. Follow the steps to configure PQC Crystal-Kyber from: Enhancing security with Post-Quantum Cryptography for IPsec key exchange 7.6.1. But, it is not possible to find the PQC Crystal-Kyber option when configuring under IPsec Phase1:

 

config vpn ipsec phase1-interface

(phase1-interface) # edit TEST

(TEST) # set addke1
command parse error before 'addke1'

(TEST) # set addke2

command parse error before 'addke2'
Command fail. Return code -61

 

  1. It has to enable IKE version 2 under IPsec Phase 1 to configure PQC Crystal-Kyber. Please take note that IKE v1 does not support PQC Crystal-Kyber.

 

config vpn ipsec phase1-interface
(phase1-interface) # edit TEST
# set ike-version 2
Lotus-kvm56 (TEST) # end

# config vpn ipsec phase1-interface
Lotus-kvm56 (phase1-interface) # edit TEST

Lotus-kvm56 (TEST) # set addke1
0 NONE.
35 ML-KEM-512.
36 ML-KEM-768.
37 ML-KEM-1024.
1080 KYBER512.
1081 KYBER768.
1082 KYBER1024.
1083 FRODO L1.
1084 FRODO L3.
1085 FRODO L5.
1089 BIKE L1.
1090 BIKE L3.
1091 BIKE L5.
1092 HQC128.
1093 HQC192.
1094 HQC256.
398
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.