Encryption algorithms
This topic provides a brief introduction to IPsec phase 1 and phase 2 encryption algorithms and includes the following sections:
- IKEv1 phase 1 encryption algorithm
- IKEv1 phase 2 encryption algorithm
- IKEv2 phase 1 encryption algorithm
- IKEv2 phase 2 encryption algorithm
- HMAC settings
IKEv1 phase 1 encryption algorithm
The default encryption algorithm is:
aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:
- des-md5
- des-sha1
- des-sha256
- des-sha384
- des-sha512
3DES applies the DES algorithm three times to each data block. FortiOS supports:
- 3des-md5
- 3des-sha1
- 3des-sha256
- 3des-sha384
- 3des-sha512
AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:
- aes128-md5
- aes128-sha1
- aes128-sha256
- aes128-sha384
- aes128-sha512
- aes192-md5
- aes192-sha1
- aes192-sha256
- aes192-sha384
- aes192-sha512
- aes256-md5
- aes256-sha1
- aes256-sha256
- aes256-sha384
- aes256-sha512
The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:
- aria128-md5
- aria128-sha1
- aria128-sha256
- aria128-sha384
- aria128-sha512
- aria192-md5
- aria192-sha1
- aria192-sha256
- aria192-sha384
- aria192-sha512
- aria256-md5
- aria256-sha1
- aria256-sha256
- aria256-sha384
- aria256-sha512
SEED is a symmetric-key algorithm. FortiOS supports:
- seed128-md5
- seed128-sha1
- seed128-sha256
- seed128-sha384
- seed128-sha512
Suite-B is a set of AES encryption algorithms with ICV in GCM mode. Suite-B IPsec traffic can be offloaded on NP6XLite and NP7 platforms. It cannot be offloaded on other NP6 processors and below. CP9 supports Suite-B offloading; otherwise, packets are encrypted and decrypted by software. FortiOS supports:
- suite-b-gcm-128
- suite-b-gcm-256
See Network processors (NP6, NP6XLite, NP6Lite, and NP4) and CP9, CP9XLite, and CP9Lite capabilities in the Hardware Acceleration guide for more information.
IKEv1 phase 2 encryption algorithm
The default encryption algorithm is:
aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305
With null encryption, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- null-md5
- null-sha1
- null-sha256
- null-sha384
- null-sha512
With the DES encryption algorithm, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- des-null
- des-md5
- des-sha1
- des-sha256
- des-sha384
- des-sha512
With the 3DES encryption algorithm, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- 3des-null
- 3des-md5
- 3des-sha1
- 3des-sha256
- 3des-sha384
- 3des-sha512
With the AES encryption algorithm, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- aes128-null
- aes128-md5
- aes128-sha1
- aes128-sha256
- aes128-sha384
- aes128-sha512
- aes192-null
- aes192-md5
- aes192-sha1
- aes192-sha256
- aes192-sha384
- aes192-sha512
- aes256-null
- aes256-md5
- aes256-sha1
- aes256-sha256
- aes256-sha384
- aes256-sha512
With the AESGCM encryption algorithm, IPsec traffic cannot be offloaded to the NPU/CP. FortiOS supports:
- aes128gcm
- aes256gcm
With the chacha20poly1305 encryption algorithm, IPsec traffic cannot be offloaded to the NPU/CP. FortiOS supports:
- chacha20poly1305
With the ARIA encryption algorithm, IPsec traffic cannot be offloaded to the NPU/CP. FortiOS supports:
- aria128-null
- aria128-md5
- aria128-sha1
- aria128-sha256
- aria128-sha384
- aria128-sha512
- aria192-null
- aria192-md5
- aria192-sha1
- aria192-sha256
- aria192-sha384
- aria192-sha512
- aria256-null
- aria256-md5
- aria256-sha1
- aria256-sha256
- aria256-sha384
- aria256-sha512
With the SEED encryption algorithm, IPsec traffic cannot be offloaded to the NPU/CP. FortiOS supports:
- seed-null
- seed-md5
- seed-sha1
- seed-sha256
- seed-sha384
- seed-sha512
IKEv2 phase 1 encryption algorithm
The default encryption algorithm is:
aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:
- des-md5
- des-sha1
- des-sha256
- des-sha384
- des-sha512
3DES applies the DES algorithm three times to each data block. FortiOS supports:
- 3des-md5
- 3des-sha1
- 3des-sha256
- 3des-sha384
- 3des-sha512
AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:
- aes128-md5
- aes128-sha1
- aes128-sha256
- aes128-sha384
- aes128-sha512
- aes128gcm-prfsha1
- aes128gcm-prfsha256
- aes128gcm-prfsha384
- aes128gcm-prfsha512
- aes192-md5
- aes192-sha1
- aes192-sha256
- aes192-sha384
- aes192-sha512
- aes256-md5
- aes256-sha1
- aes256-sha256
- aes256-sha384
- aes256-sha512
- aes256gcm-prfsha1
- aes256gcm-prfsha256
- aes256gcm-prfsha384
- aes256gcm-prfsha512
The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:
- aria128-md5
- aria128-sha1
- aria128-sha256
- aria128-sha384
- aria128-sha512
- aria192-md5
- aria192-sha1
- aria192-sha256
- aria192-sha384
- aria192-sha512
- aria256-md5
- aria256-sha1
- aria256-sha256
- aria256-sha384
- aria256-sha512
With the chacha20poly1305 encryption algorithm, FortiOS supports:
- chacha20poly1305-prfsha1
- chacha20poly1305-prfsha256
- chacha20poly1305-prfsha384
- chacha20poly1305-prfsha512
SEED is a symmetric-key algorithm. FortiOS supports:
- seed128-md5
- seed128-sha1
- seed128-sha256
- seed128-sha384
- seed128-sha512
Suite-B is a set of AES encryption algorithms with ICV in GCM mode. Suite-B IPsec traffic can be offloaded on NP6XLite and NP7 platforms. It cannot be offloaded on other NP6 processors and below. CP9 supports Suite-B offloading; otherwise, packets are encrypted and decrypted by software. FortiOS supports:
- suite-b-gcm-128
- suite-b-gcm-256
See Network processors (NP6, NP6XLite, NP6Lite, and NP4) and CP9, CP9XLite, and CP9Lite capabilities in the Hardware Acceleration guide for more information.
IKEv2 phase 2 encryption algorithm
The default encryption algorithm is:
aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305
With null encryption, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- null-md5
- null-sha1
- null-sha256
- null-sha384
- null-sha512
With the DES encryption algorithm, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- des-null
- des-md5
- des-sha1
- des-sha256
- des-sha384
- des-sha512
With the 3DES encryption algorithm, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- 3des-null
- 3des-md5
- 3des-sha1
- 3des-sha256
- 3des-sha384
- 3des-sha512
With the AES encryption algorithm, IPsec traffic can be offloaded to the NPU/CP. FortiOS supports:
- aes128-null
- aes128-md5
- aes128-sha1
- aes128-sha256
- aes128-sha384
- aes128-sha512
- aes192-null
- aes192-md5
- aes192-sha1
- aes192-sha256
- aes192-sha384
- aes192-sha512
- aes256-null
- aes256-md5
- aes256-sha1
- aes256-sha256
- aes256-sha384
- aes256-sha512
With the AESGCM encryption algorithm, IPsec traffic cannot be offloaded to the NPU. CP9 supports AESGCM offloading. FortiOS supports:
- aes128gcm
- aes256gcm
With the chacha20poly1305 encryption algorithm, IPsec traffic cannot be offloaded to the NPU/CP. FortiOS supports:
- chacha20poly1305
With the ARIA encryption algorithm, IPsec traffic cannot be offloaded to the NPU/CP. FortiOS supports:
- aria128-null
- aria128-md5
- aria128-sha1
- aria128-sha256
- aria128-sha384
- aria128-sha512
- aria192-null
- aria192-md5
- aria192-sha1
- aria192-sha256
- aria192-sha384
- aria192-sha512
- aria256-null
- aria256-md5
- aria256-sha1
- aria256-sha256
- aria256-sha384
- aria256-sha512
With the SEED encryption algorithm, IPsec traffic cannot be offloaded to the NPU/CP. FortiOS supports:
- seed-null
- seed-md5
- seed-sha1
- seed-sha256
- seed-sha384
- seed-sha512
HMAC settings
The FortiGate uses the HMAC based on the authentication proposal that is chosen in phase 1 or phase 2 of the IPsec configuration. Each proposal consists of an encryption-hash pair (such as 3des-sha256). The FortiGate matches the most secure proposal to negotiate with the peer.
To view the chosen proposal and the HMAC hash used:
# diagnose vpn ike gateway list
vd: root/0
name: MPLS
version: 1
interface: port1 3
addr: 192.168.2.5:500 -> 10.10.10.1:500
virtual-interface-addr: 172.31.0.2 -> 172.31.0.1
created: 1015820s ago
IKE SA: created 1/13 established 1/13 time 10/1626/21010 ms
IPsec SA: created 1/24 established 1/24 time 0/11/30 ms
id/spi: 124 43b087dae99f7733/6a8473e58cd8990a
direction: responder
status: established 68693-68693s ago = 10ms
proposal: 3des-sha256
key: e0fa6ab8dc509b33-aa2cc549999b1823-c3cb9c337432646e
lifetime/rekey: 86400/17436
DPD sent/recv: 000001e1/00000000
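The following is an added example, not Fortinet code: it parses `diagnose vpn ike gateway list` output in the format shown above and reports, per gateway, whether the negotiated proposal uses a legacy cipher or hash. The legacy sets are a policy assumption of this example, and the second gateway in the sample is constructed.

```python
# Policy assumption for this example (not stated on the page): DES/3DES,
# MD5, SHA-1 and "null" (no encryption or no integrity check) are legacy.
LEGACY_ENC = {"null", "des", "3des"}
LEGACY_HASH = {"null", "md5", "sha1"}

# Constructed sample: the first gateway reuses fields from the output above,
# the second ("branch-constructed") is invented for contrast.
SAMPLE = """\
vd: root/0
name: MPLS
version: 1
proposal: 3des-sha256
name: branch-constructed
version: 2
proposal: aes256gcm-prfsha384
"""

def split_proposal(proposal):
    """Split names such as '3des-sha256' into (encryption, hash).
    AEAD names ('aes128gcm', 'suite-b-gcm-128') have no separate hash;
    for 'aes128gcm-prfsha256' the hash returned is the PRF hash."""
    if proposal.startswith("suite-b-"):
        return proposal, None
    enc, _, auth = proposal.partition("-")
    if auth.startswith("prf"):
        auth = auth[3:]
    return enc, auth or None

def audit_gateways(text):
    """Return [(gateway name, proposal, [reasons])], one per proposal line."""
    results, name = [], None
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if key == "name":
            name = value
        elif key == "proposal":
            enc, auth = split_proposal(value)
            reasons = []
            if enc in LEGACY_ENC:
                reasons.append("legacy encryption: " + enc)
            if auth in LEGACY_HASH:
                reasons.append("legacy hash: " + auth)
            results.append((name, value, reasons))
    return results

if __name__ == "__main__":
    for name, proposal, reasons in audit_gateways(SAMPLE):
        print(name, proposal, "; ".join(reasons) or "ok")
```

A gateway that reports a legacy pair indicates that the proposal list on one side still offers it; removing that pair from the phase 1 or phase 2 proposal setting prevents it from being negotiated.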