IPSec Crypto Profile Authentication BPA Checks

Retired Member · ‎11-13-2019

IPSec Crypto - Profile Authentication - Interpreting BPA Checks - Network

In this video, we provide information about IPSec Crypto Profile Authentication and why you should use SHA256 or a higher authentication.

Select the desired authentication algorithms and change the order as needed. The order in which algorithms are added is the order in which the firewall applies them. The IPSec Crypto Profile Authentication best practice check ensures SHA256 or a higher authentication is being used in the IPSec Crypto Profile. Keep in mind that MD5 and SHA1 are not secure.

For more information on IPSec Crypto Profile Authentication, please review the following articles:

Network - Network Profiles - IPSec Crypto (TechDocs - PAN-OS® Web Interface Reference Guide)

Define IPSec Crypto Profiles

For additional resources regarding BPA, visit our LIVEcommunity BPA tool page.
View videos regarding BPA Network best practice checks.
View videos regarding BPA Policies best practice checks.
View videos regarding BPA Objects best practice checks.
View videos regarding BPA Devices best practice checks.
You may also view other BPA video playlist on the LIVEcommunity YouTube channel.

P-Nielsen · ‎11-19-2020

I'm not sure if this check is valid for Suite-B-GCM-256?

Unlock your full community experience!

IPSec Crypto Profile Authentication BPA Checks

IPSec Crypto Profile Authentication BPA Checks

IPSec Crypto - Profile Authentication - Interpreting BPA Checks - Network