Fortinet black logo

New Features

Ciphers added to fips-ciphers mode on FortiGate-VM 6.4.7

Copy Link
Copy Doc ID de1e129a-0283-11ea-8977-00505692583a:873234
Download PDF

Ciphers added to fips-ciphers mode on FortiGate-VM 6.4.7

FortiGate-VM fips-ciphers mode has added new ciphers so that cloud instances running this mode can establish IPsec VPN tunnels with hardware models running FIPS-CC mode. This feature is available for FortiGate-VMs deployed on AWS, Azure, Google Cloud, and OCI.

fips-cipher mode supports the following ciphers for IPsec VPN:

Phase-1:

aes128-sha256          aes128-sha256
aes128-sha384          aes128-sha384
aes128-sha512          aes128-sha512
aes128gcm-prfsha256    aes128gcm-prfsha256
aes128gcm-prfsha384    aes128gcm-prfsha384
aes128gcm-prfsha512    aes128gcm-prfsha512
aes256-sha256          aes256-sha256
aes256-sha384          aes256-sha384
aes256-sha512          aes256-sha512
aes256gcm-prfsha256    aes256gcm-prfsha256
aes256gcm-prfsha384    aes256gcm-prfsha384
aes256gcm-prfsha512    aes256gcm-prfsha512

Phase-2:

aes128-sha256    aes128-sha256
aes128-sha384    aes128-sha384
aes128-sha512    aes128-sha512
aes128gcm        aes128gcm
aes256-sha256    aes256-sha256
aes256-sha384    aes256-sha384
aes256-sha512    aes256-sha512
aes256gcm        aes256gcm

Ciphers added to fips-ciphers mode on FortiGate-VM 6.4.7

FortiGate-VM fips-ciphers mode has added new ciphers so that cloud instances running this mode can establish IPsec VPN tunnels with hardware models running FIPS-CC mode. This feature is available for FortiGate-VMs deployed on AWS, Azure, Google Cloud, and OCI.

fips-cipher mode supports the following ciphers for IPsec VPN:

Phase-1:

aes128-sha256          aes128-sha256
aes128-sha384          aes128-sha384
aes128-sha512          aes128-sha512
aes128gcm-prfsha256    aes128gcm-prfsha256
aes128gcm-prfsha384    aes128gcm-prfsha384
aes128gcm-prfsha512    aes128gcm-prfsha512
aes256-sha256          aes256-sha256
aes256-sha384          aes256-sha384
aes256-sha512          aes256-sha512
aes256gcm-prfsha256    aes256gcm-prfsha256
aes256gcm-prfsha384    aes256gcm-prfsha384
aes256gcm-prfsha512    aes256gcm-prfsha512

Phase-2:

aes128-sha256    aes128-sha256
aes128-sha384    aes128-sha384
aes128-sha512    aes128-sha512
aes128gcm        aes128gcm
aes256-sha256    aes256-sha256
aes256-sha384    aes256-sha384
aes256-sha512    aes256-sha512
aes256gcm        aes256gcm