Palo Alto Networks Knowledgebase: IPSEC Crypto Options

IPSEC Crypto Options

7224
Created On 02/08/19 00:00 AM - Last Updated 02/08/19 00:00 AM
VPNs
Resolution

Overview

This document describes the hash functions and encryption algorithms supported by the Palo Alto Networks firewall.

Details

AH Priority

PAN-OS 5.0 and above
md5
sha1
sha256
sha384
sha512

ESP Authentication

PAN-OS 5.0 and above
sha1
md5
sha256
sha384
sha512
none

ESP encryption

PAN-OS 5.0 and above
PAN-OS 7.0 and above
3des3des
aes128aes-128-cbc
aes192aes-192-cbc
aes256aes-256-cbc
nullaes-128-ccm
aes-128-gcm
aes-256-gcm
null

DH Group for PAN-OS 5.0 and above:

  • 1
  • 2
  • 5
  • 14
  • no-pfs

additional DH Group for PAN-OS 7.0 and above

  • 19
  • 20

Note: DES encryption is easily compromised; therefore, it is not supported by Palo Alto Networks firewalls.

owner: panagent



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClYtCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language