Fortinet black logo

New Features

Home FortiClient 7.2.0 New Features
7.2.0
7.2.0
7.0.0
6.4.0
6.2.3
6.2.2
6.2.1
6.2.0

Support for encryption recommended by NCSC 7.2.2

Support for encryption recommended by NCSC 7.2.2

FortiClient and EMS support new cryptographic profiles in phase 1 and phase 2 proposals of IPsec VPN tunnels as the National Cyber Security Centre (NCSC) in the United Kingdom recommends. These enhancements allow FortiClient to establish a securer IPsec VPN connection.

Support for new encryption algorithms has been added for phase 1 and phase 2 proposals of IPsec VPN:

Algorithm

Description

AES128 GCM

Advanced Encryption Standard (AES) algorithm in Galois/Counter mode using 128-bit block algorithm that uses a 128-bit key.

AES256 GCM

AES algorithm in Galois/Counter mode similar to AES128 GCM, but uses a 256-bit key instead of 128-bit key.

The following new authentication algorithms have also been added. Only phase 1 proposal of IKEv2 supports these algorithms:

  • PRF SHA1

  • PRF SHA256

  • PRF SHA384

  • PRF SHA512

Support for the following certificates is also added:

  • ECDSA with SHA256 digests on NIST P-256 curve

  • RSA with 2048-bit modulus and SHA256 digests

EMS and FortiClient also support the new DH group 21.

Previous
Next

Support for encryption recommended by NCSC 7.2.2

FortiClient and EMS support new cryptographic profiles in phase 1 and phase 2 proposals of IPsec VPN tunnels as the National Cyber Security Centre (NCSC) in the United Kingdom recommends. These enhancements allow FortiClient to establish a securer IPsec VPN connection.

Support for new encryption algorithms has been added for phase 1 and phase 2 proposals of IPsec VPN:

Algorithm

Description

AES128 GCM

Advanced Encryption Standard (AES) algorithm in Galois/Counter mode using 128-bit block algorithm that uses a 128-bit key.

AES256 GCM

AES algorithm in Galois/Counter mode similar to AES128 GCM, but uses a 256-bit key instead of 128-bit key.

The following new authentication algorithms have also been added. Only phase 1 proposal of IKEv2 supports these algorithms:

  • PRF SHA1

  • PRF SHA256

  • PRF SHA384

  • PRF SHA512

Support for the following certificates is also added:

  • ECDSA with SHA256 digests on NIST P-256 curve

  • RSA with 2048-bit modulus and SHA256 digests

EMS and FortiClient also support the new DH group 21.

Previous
Next