Encryption mode between 6.0 and 9.1

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Encryption mode between 6.0 and 9.1

L1 Bithead

My company are going to migrate upgrade one firewall from 6.0 to 10.1.

And I found below KB points out the supported payload options above and below PANOS 7.0.

Several IKE/IPSec profiles are using aes128 for ESP encryption, is it aes128 equal to aes-128-cbc?


https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClYtCAK

 

PAN-OS 5.0 and abovePAN-OS 7.0 and above
aes128aes-128-cbc
3 REPLIES 3

Cyber Elite
Cyber Elite

Hello,

You also have aes-128-gcm which is different. Not sure how many PAN's you have to upgrade, however it seems like it might be a large-ish project. However version 6 is way low and vulnerable so its worth it to upgrade sooner rather than later.

 

Regards,

The project size is only one small office and with several VPN connections and will be migrated to PA-410.

In current I added aes-128-cbc & aes-128-gcm to IPSec crypto for prevention payload issues.

Cyber Elite
Cyber Elite

Hello,

If you plan on using the machine learning capabilities of the PAN for the remote office, I would suggest a PA-440 instead. The 410 has limitations even with logging. Check out the requirements.

Regards,

  • 1823 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!