This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

FIPS mode IPSec cipher suite subset

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

FIPS mode IPSec cipher suite subset

Go to solution
jlivingston
L0 Member

‎04-03-2013 10:10 AM

When you enable FIPS mode on the firewall, what are the subsets of cipher suites available that the admin guide is referring to?

Admin guide -

"When configuring IPSec, a subset of the normally available cipher suites is available."

Labels:
1 accepted solution

Accepted Solutions

Go to solution
zarina
L5 Sessionator

‎04-03-2013 12:59 PM

The ciphers supported under FIPS for ipsec are: HMAC-SHA-1 with either AES128, AES192, or AES256.  If perfect forward secrecy is required, only DH Group 14 is permitted.

View solution in original post

0 Likes Likes
3 REPLIES 3

Go to solution
mikand
L6 Presenter

‎04-03-2013 12:59 PM

Yeah PA should update that documentation to really specify which cipher suites are supported.

Found this post in this forum but its regarding SSL:

and this one that only Group 14 is supported in FIPS mode regarding IKE/IPSEC:

I asked a similar question for more than a year ago but very limited replies 😃

And in case someone from PA finds this thread, would be nice with a followup for aswell Smiley Happy

Go to solution
zarina
L5 Sessionator

‎04-03-2013 12:59 PM

The ciphers supported under FIPS for ipsec are: HMAC-SHA-1 with either AES128, AES192, or AES256.  If perfect forward secrecy is required, only DH Group 14 is permitted.

0 Likes Likes

Go to solution
jlivingston
L0 Member
In response to zarina

‎04-03-2013 01:09 PM

Thanks a ton sdarapuneni.

0 Likes Likes
  • 1 accepted solution
  • 3299 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks