Algorithm used by GlobalProtect for IPSec

Created On 09/25/18 19:49 PM - Last Modified 07/19/22 23:07 PM


Resolution


GlobalProtect uses the following algorithms for IPSec:

 

Encryption:

aes-128-cbc
aes-128-gcm
aes-256-gcm

 

Authentication:
sha1

 

However, prior to PAN-OS 7.0.x, we had no control over the algorithm used for GlobalProtect. From PAN-OS 7.0.x, we can select a particular algorithm.

 

From PAN-OS 7.0.x onwards, the default IPSec encryption is AES128 and authentication is SHA1.

 

We can change the setting as follows:

 

1. Create a GlobalProtect IPSec Crypto Profile: Network tab > Network Profiles > GlobalProtect IPSec Crypto

 


 

2. Apply the GlobalProtect IPSec Crypto Profile in your GlobalProtect Gateway: Network tab > GlobalProtect > Gateways
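To check the result of the two steps above against an exported configuration, the following Python script lists each GlobalProtect IPSec crypto profile and flags algorithms outside a required set. It is an added example, not Palo Alto Networks code: the XML element layout, the profile names and the required-algorithm policy are assumptions, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Encryption and authentication names from the article's lists (hyphenated form).
LISTED_ENCRYPTION = {"aes-128-cbc", "aes-128-gcm", "aes-256-gcm"}
LISTED_AUTHENTICATION = {"sha1"}

# Constructed sample export; the element layout is an assumption, not from the article.
SAMPLE_CONFIG = """<config>
 <global-protect-app-crypto-profiles>
  <entry name="default">
   <encryption><member>aes-128-cbc</member></encryption>
   <authentication><member>sha1</member></authentication>
  </entry>
  <entry name="gp-gcm-only">
   <encryption><member>aes-256-gcm</member></encryption>
   <authentication><member>sha1</member></authentication>
  </entry>
  <entry name="gp-mixed">
   <encryption><member>aes-256-gcm</member><member>aes-256-cbc</member></encryption>
   <authentication><member>sha1</member></authentication>
  </entry>
 </global-protect-app-crypto-profiles>
</config>"""

def members(entry, tag):
    """Return the <member> values under entry/<tag>, in configured order."""
    return [m.text.strip() for m in entry.findall(f"./{tag}/member") if m.text]

def audit_profiles(xml_text, required_encryption):
    """Map profile name -> list of findings; an empty list means compliant."""
    root = ET.fromstring(xml_text)
    report = {}
    for entry in root.findall(".//global-protect-app-crypto-profiles/entry"):
        findings = []
        for alg in members(entry, "encryption"):
            if alg not in LISTED_ENCRYPTION:
                findings.append(f"unlisted encryption: {alg}")
            elif alg not in required_encryption:
                findings.append(f"outside policy: {alg}")
        for alg in members(entry, "authentication"):
            if alg not in LISTED_AUTHENTICATION:
                findings.append(f"unlisted authentication: {alg}")
        report[entry.get("name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_profiles(SAMPLE_CONFIG, {"aes-256-gcm"}).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

A profile that still carries the default aes-128-cbc is reported as outside policy when the required set is only aes-256-gcm, which makes it easy to spot gateways where the new profile was created but never applied.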

 



