Ciphers added to fips-ciphers mode on FortiGate-VM 6.4.7
FortiGate-VM fips-ciphers
mode has added new ciphers so that cloud instances running this mode can establish IPsec VPN tunnels with hardware models running FIPS-CC mode. This feature is available for FortiGate-VMs deployed on AWS, Azure, Google Cloud, and OCI.
fips-cipher mode
supports the following ciphers for IPsec VPN:
Phase-1:
aes128-sha256 aes128-sha256 aes128-sha384 aes128-sha384 aes128-sha512 aes128-sha512 aes128gcm-prfsha256 aes128gcm-prfsha256 aes128gcm-prfsha384 aes128gcm-prfsha384 aes128gcm-prfsha512 aes128gcm-prfsha512 aes256-sha256 aes256-sha256 aes256-sha384 aes256-sha384 aes256-sha512 aes256-sha512 aes256gcm-prfsha256 aes256gcm-prfsha256 aes256gcm-prfsha384 aes256gcm-prfsha384 aes256gcm-prfsha512 aes256gcm-prfsha512
Phase-2:
aes128-sha256 aes128-sha256 aes128-sha384 aes128-sha384 aes128-sha512 aes128-sha512 aes128gcm aes128gcm aes256-sha256 aes256-sha256 aes256-sha384 aes256-sha384 aes256-sha512 aes256-sha512 aes256gcm aes256gcm