Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

Master list of pros/cons of VPN ciphers per platform? i.e. AES256/SHA2 vs GCM vs CHACHA

Does anyone know if Fortinet has some master list of the pros and cons of the various encryption and auth ciphers/hashes, and what platforms they may or may not be a good idea on?  For example, I know that the 100D and below cannot offload SHA256 hashing, so if you set up a tunnel using that in the phase2, your performance is horrid due to it punting to the slow celeron CPU.  However, a 100E and even little 60E are perfectly happy with that setup.


Now in later FortiOS I see AES128/256 GCM has become available, along with CHACHA20POLY1305 as an encryption+auth option for phase 2.  I believe in the case of at least the two GCM options, these would ideally involve an AES-NI capable chip to function at optimal speed, but I can find no information on what hardware devices can do that, and what the consequences are if you were to enable those without that offload.  CHACHA I believe relies on normal CPU cycles, but is known to be very efficient, so is there also a scenario where it would be better, and what impact on security does it have compared to the other options available?  How do they compare to AES256/SHA256 on a platform that offloads those?

Top Kudoed Authors