Hello all,
i'am using here FortiOS7 with lates Forticlient for Android 6.4.6.0507. IPSEC works, but the highest encryption level ist AES128 and SHA-1. https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
https://en.wikipedia.org/wiki/SHA-1
Can anyone tell me the reason for building a VPN client with almost the lowest encryption? That used to be safe many many years ago.
Very Thanks and best Regards
Fireon
Fortigate 60E v7.x (GA)
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Okay sha1 is not hackable. If you are using pfs in your ipsec configuration your safe from any attacks. if in doubt run short IKE/IPSEC key-life but I would not personally be worried over sha1.
Now yes FC6.4 still supports md5/sha1 "only" , why that is a business question to FTNT. Strongsan and greenbow are great alternative for ipsec-clients.
I think one of the reason mobile-devices are not using top-notch encryption is due to the size of the processors in the phone and the vendor don't not want to overburden these devices. Just my wild guess.
Ken Felix
PCNSE
NSE
StrongSwan
Thank you for this information and your Recommendation in the other thread. This can be an solution.
Fortigate 60E v7.x (GA)
NP , I also throw in NCP in that other thread. It's very reliable. Actually all of them are very good. I will update some details on the blog and specifically with greenbow here in soon.
Ken Felix
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.