Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
04-03-2013 10:10 AM
When you enable FIPS mode on the firewall, what are the subsets of cipher suites available that the admin guide is referring to?
Admin guide -
"When configuring IPSec, a subset of the normally available cipher suites is available."
04-03-2013 12:59 PM
The ciphers supported under FIPS for ipsec are: HMAC-SHA-1 with either AES128, AES192, or AES256. If perfect forward secrecy is required, only DH Group 14 is permitted.
04-03-2013 12:59 PM
Yeah PA should update that documentation to really specify which cipher suites are supported.
Found this post in this forum but its regarding SSL:
and this one that only Group 14 is supported in FIPS mode regarding IKE/IPSEC:
I asked a similar question for more than a year ago but very limited replies 😃
And in case someone from PA finds this thread, would be nice with a followup for aswell 
04-03-2013 12:59 PM
The ciphers supported under FIPS for ipsec are: HMAC-SHA-1 with either AES128, AES192, or AES256. If perfect forward secrecy is required, only DH Group 14 is permitted.
04-03-2013 01:09 PM
Thanks a ton sdarapuneni.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
