Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mhemambika
Staff
Staff

Created on ‎10-26-2024 08:42 AM

Article Id 352764

Troubleshooting Tip: Unable to select high encryption options such as 3DES or AES when configuring the IPsec tunnel

Description This article describes a situation where high encryption 3DES and AES cannot be selected in the IPsec tunnel configuration, along with potential causes for this issue.
Scope Applicable to FortiGate versions.
Solution

 Check device compatibility:

 

It is important to ensure that the hardware or software FortiGate device supports high encryption algorithms, as some older devices may not support AES or 3DES.

 

Consider the following example:

 

get sys status
Version: FortiGate-400F v7.2.10,build1706,240918 (GA.M)
Security Level: 0
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 3.00243(2024-08-20 00:45)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 6.00741(2015-12-01 02:30)
APP-DB: 6.00741(2015-12-01 02:30)
FMWP-DB: 24.00090(2024-09-23 14:32)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2022-08-17 17:31)
Serial-Number: FG4H0FT923913712
BIOS version: 06000101
System Part-Number: P27290-05
Log hard disk: Not available
Hostname: Firewall_PRIMARY
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: a-p, primary
Cluster uptime: 6 days, 20 hours, 37 minutes, 12 seconds
Cluster state change time: 2024-09-26 17:28:37
License Status: Low-Encryption(LENC)

 

The FortiGate-400F device displays a license status of Low-Encryption (LENC), indicating that it supports only low encryption algorithms.

 

In such cases, it is advisable to upgrade to a full encryption device by acquiring a strong encryption upgrade license key.
363
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.