Does anyone know the default AES block cipher mode used (GCM, CBC, CTR, etc.) for IPSec VPN Phase I/II?
And is this configurable/modifiable?
Thanks in advance.
It should be CBC. What version of FortiOS are you working with, and have you looked at the CLI reference guide?
PCNSE
NSE
StrongSwan
Later FortiOS versions allow you to select GCM for phase2, but you must explicitly select it. If you don't see those in the drop-down for the p2 config, your version is not new enough. You can also select CHACHA20POLY1305 for the p2. Now, that being said, I have a feeling you'll only gain from making this selection if you're running on a box with a new enough CPU that has the AES-NI instruction set. I was about to post a thread asking about this actually, since the FortiOS docs aren't clear.
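To see which mode each tunnel actually offers, the proposal lines in a config backup can be audited. The script below is an added example, not part of the thread or of Fortinet's tooling; the sample config is constructed, and it assumes FortiOS proposal naming in which `aesNNN-<hash>` means AES-CBC with a separate HMAC while `aesNNNgcm` and `chacha20poly1305` are AEAD suites.

```python
import re

# Constructed sample in the style of a FortiOS config backup (not from the thread).
SAMPLE_CONFIG = '''
config vpn ipsec phase1-interface
    edit "to-branch"
        set proposal aes256-sha256 aes256gcm-prfsha384
    next
end
config vpn ipsec phase2-interface
    edit "to-branch-p2"
        set proposal aes256-sha256 aes256gcm chacha20poly1305
    next
    edit "legacy-p2"
        set proposal aes128-sha1 3des-sha1
    next
end
'''

def classify(token):
    """Map one proposal token to the cipher mode it implies (assumed naming)."""
    t = token.lower()
    if "gcm" in t or t.startswith("chacha20poly1305"):
        return "AEAD"
    if t.startswith("aes"):
        return "CBC"      # aesNNN-<hash>: AES-CBC plus a separate HMAC
    return "other"        # 3des, des, null, ...

def audit(config_text):
    """Return {(section, tunnel): [(token, mode), ...]} for each 'set proposal' line."""
    results, section, tunnel = {}, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"config vpn ipsec (phase[12]-interface)$", line)
        if m:
            section = m.group(1)
        elif line == "end":
            section = tunnel = None
        elif section and line.startswith("edit "):
            tunnel = line[5:].strip().strip('"')
        elif section and tunnel and line.startswith("set proposal "):
            results[(section, tunnel)] = [(t, classify(t)) for t in line.split()[2:]]
    return results

def cbc_only(results):
    """Tunnels whose proposal list offers no AEAD suite at all."""
    return sorted(k for k, v in results.items() if all(m != "AEAD" for _, m in v))

print("no AEAD offered:", cbc_only(audit(SAMPLE_CONFIG)))
```

The proposal list only shows what is offered; the suite actually negotiated also depends on what the peer accepts.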
Copyright 2024 Fortinet, Inc. All Rights Reserved.