Encryption algorithms

This topic provides a brief introduction to IPsec phase 1 and phase 2 encryption algorithms and includes the following sections:

IKEv1 phase 1 encryption algorithm

The default encryption algorithm is:

aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1

DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:

  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

3DES applies the DES algorithm three times to each data. FortiOS supports:

  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512

The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

SEED is a symmetric-key algorithm. FortiOS supports:

  • seed128-md5
  • seed128-sha1
  • seed128-sha256
  • seed128-sha384
  • seed128-sha512

Suite-B is a set of AES encryption with ICV in GCM mode. FortiOS supports Suite-B on new kernel platforms only. IPsec traffic cannot offload to NPU. CP9 supports Suite-B offloading, otherwise packets are encrypted and decrypted by software. FortiOS supports:

  • suite-b-gcm-128
  • suite-b-gcm-256

IKEv1 phase 2 encryption algorithm

The default encryption algorithm is:

aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305

With null encryption, IPsec traffic can offload NPU/CP. FortiOS supports:

  • null-md5
  • null-sha1
  • null-sha256
  • null-sha384
  • null-sha512

With the DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • des-null
  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

With the 3DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • 3des-null
  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

With the AES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • aes128-null
  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-null
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-null
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512

With the AESGCM encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • aes128gcm
  • aes256gcm

With the chacha20poly1305 encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • chacha20poly1305

With the ARIA encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • aria128-null
  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-null
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-null
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

With the SEED encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • seed-null
  • seed-md5
  • seed-sha1
  • seed-sha256
  • seed-sha384
  • seed-sha512

IKEv2 phase 1 encryption algorithm

The default encryption algorithm is:

aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256

DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:

  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

3DES applies the DES algorithm three times to each data. FortiOS supports:

  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes128gcm-prfsha1
  • aes128gcm-prfsha256
  • aes128gcm-prfsha384
  • aes128gcm-prfsha512
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512
  • aes256gcm-prfsha1
  • aes256gcm-prfsha256
  • aes256gcm-prfsha384
  • aes256gcm-prfsha512

The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

With the chacha20poly1305 encryption algorithm, FortiOS supports:

  • chacha20poly1305-prfsha1
  • chacha20poly1305-prfsha256
  • chacha20poly1305-prfsha384
  • chacha20poly1305-prfsha512

SEED is a symmetric-key algorithm. FortiOS supports:

  • seed128-md5
  • seed128-sha1
  • seed128-sha256
  • seed128-sha384
  • seed128-sha512

Suite-B is a set of AES encryption with ICV in GCM mode. FortiOS supports Suite-B on new kernel platforms only. IPsec traffic cannot offload to NPU. CP9 supports Suite-B offloading, otherwise packets are encrypted and decrypted by software. FortiOS supports:

  • suite-b-gcm-128
  • suite-b-gcm-256

IKEv2 phase 2 encryption algorithm

The default encryptio