IPSEC Crypto Options

IPSEC Crypto Options

38294
Created On 09/25/18 19:26 PM - Last Modified 06/12/23 20:44 PM


Resolution


Overview

This document describes the hash functions and encryption algorithms supported by the Palo Alto Networks firewall.

Details

AH Priority

PAN-OS 5.0 and above
md5
sha1
sha256
sha384
sha512

ESP Authentication

PAN-OS 5.0 and above
sha1
md5
sha256
sha384
sha512
none

ESP encryption

PAN-OS 5.0 and above
PAN-OS 7.0 and above
3des3des
aes128aes-128-cbc
aes192aes-192-cbc
aes256aes-256-cbc
nullaes-128-ccm
aes-128-gcm
aes-256-gcm
null

DH Group for PAN-OS 5.0 and above:

  • 1
  • 2
  • 5
  • 14
  • no-pfs

additional DH Group for PAN-OS 7.0 and above

  • 19
  • 20

Note: DES encryption is easily compromised; therefore, it is not supported by Palo Alto Networks firewalls.

owner: panagent



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClYtCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language