IPSEC Crypto Options
46622
Created On 09/25/18 19:26 PM - Last Modified 06/12/23 20:44 PM
Resolution
Overview
This document describes the hash functions and encryption algorithms supported by the Palo Alto Networks firewall.
Details
AH Priority
| PAN-OS 5.0 and above |
|---|
| md5 |
| sha1 |
| sha256 |
| sha384 |
| sha512 |
ESP Authentication
| PAN-OS 5.0 and above |
|---|
| sha1 |
| md5 |
| sha256 |
| sha384 |
| sha512 |
| none |
ESP encryption
| PAN-OS 5.0 and above | PAN-OS 7.0 and above |
|---|---|
| 3des | 3des |
| aes128 | aes-128-cbc |
| aes192 | aes-192-cbc |
| aes256 | aes-256-cbc |
| null | aes-128-ccm |
| aes-128-gcm | |
| aes-256-gcm | |
| null |
DH Group for PAN-OS 5.0 and above:
- 1
- 2
- 5
- 14
- no-pfs
additional DH Group for PAN-OS 7.0 and above
- 19
- 20
Note: DES encryption is easily compromised; therefore, it is not supported by Palo Alto Networks firewalls.
owner: panagent