IPSEC Crypto Options
38294
Created On 09/25/18 19:26 PM - Last Modified 06/12/23 20:44 PM
Resolution
Overview
This document describes the hash functions and encryption algorithms supported by the Palo Alto Networks firewall.
Details
AH Priority
PAN-OS 5.0 and above |
---|
md5 |
sha1 |
sha256 |
sha384 |
sha512 |
ESP Authentication
PAN-OS 5.0 and above |
---|
sha1 |
md5 |
sha256 |
sha384 |
sha512 |
none |
ESP encryption
PAN-OS 5.0 and above | PAN-OS 7.0 and above |
---|---|
3des | 3des |
aes128 | aes-128-cbc |
aes192 | aes-192-cbc |
aes256 | aes-256-cbc |
null | aes-128-ccm |
aes-128-gcm | |
aes-256-gcm | |
null |
DH Group for PAN-OS 5.0 and above:
- 1
- 2
- 5
- 14
- no-pfs
additional DH Group for PAN-OS 7.0 and above
- 19
- 20
Note: DES encryption is easily compromised; therefore, it is not supported by Palo Alto Networks firewalls.
owner: panagent