IPSec Crypto Profile Authentication BPA Checks

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.
Retired Member
Not applicable
No ratings

IPSec Crypto - Profile Authentication - Interpreting BPA Checks - Network


In this video, we provide information about IPSec Crypto Profile Authentication and why you should use SHA256 or a higher authentication.


Select the desired authentication algorithms and change the order as needed. The order in which algorithms are added is the order in which the firewall applies them. The IPSec Crypto Profile Authentication best practice check ensures SHA256 or a higher authentication is being used in the IPSec Crypto Profile. Keep in mind that MD5 and SHA1 are not secure.


For more information on IPSec Crypto Profile Authentication, please review the following articles:

Network - Network Profiles - IPSec Crypto (TechDocs - PAN-OS® Web Interface Reference Guide)

Define IPSec Crypto Profiles


For additional resources regarding BPA, visit our LIVEcommunity BPA tool page.
View videos regarding BPA Network best practice checks.
View videos regarding BPA Policies best practice checks.
View videos regarding BPA Objects best practice checks.
View videos regarding BPA Devices best practice checks.
You may also view other BPA video playlist on the LIVEcommunity YouTube channel.
Rate this article:
L0 Member

I'm not sure if this check is valid for Suite-B-GCM-256?