PAN-OS 11.2 IPSec Cipher Suites

List of cipher suites supported for IPSec on firewalls running PAN-OS® 11.2 in normal operation mode.
The following table lists the cipher suites for IPSec that are supported on firewalls running a PAN-OS® 11.2 release in normal (non-FIPS-CC) operational mode.
If your firewall is running in FIPS-CC mode, see the list of PAN-OS 11.2 Cipher Suites Supported in FIPS-CC Mode.
Feature or Function
Ciphers Supported in PAN-OS 11.2 Releases
IPSec—Post-Quantum Cryptographic Suites (PQCs)
You can use these cipher suites to secure the rekey operations for your IPSec tunnels.
  • ML-KEM—512-bit, 768-bit, and 1024-bit keys
  • HQC—128-bit, 192-bit, and 256-bit keys
  • BIKE—bike-L1, bike-L3, and bike-L5
  • Classic McEliece—348,864-bit and 348,864f-bit
  • FrodoKEM:
    • 640-AES, 976-AES, and 1344-AES
    • 640-SHAKE, 976-SHAKE, and 1344-SHAKE
  • NTRU-Prime—sntrup761
IPSec—Encryption
  • NULL
  • 3DES
  • AES-128-CBC
  • AES-192-CBC
  • AES-256-CBC
  • AES-128-CCM
  • AES-128-GCM
  • AES-256-GCM
IPSec—Message Authentication
  • NONE
  • HMAC-MD5
  • HMAC-SHA-1
  • HMAC-SHA-256
  • HMAC-SHA-384
  • HMAC-SHA-512
IPSec—Key Exchange
Diffie-Hellman groups with or without perfect forward secrecy (PFS):
  • No PFS—This option specifies that the firewall reuses the same key for IKE phase 1 and phase 2 instead of renewing the key for phase 2.
  • Group 1 (768-bit keys) with PFS enabled
  • Group 2 (1024-bit keys) with PFS enabled
  • Group 5 (1536-bit keys) with PFS enabled
  • Group 14 (2048-bit keys) with PFS enabled
  • Group 15 (3072-bit modular exponential group)
  • Group 16 (4096-bit modular exponential group)
  • Group 19 (256-bit elliptic curve group) with PFS enabled
  • Group 20 (384-bit elliptic curve group) with PFS enabled
  • Group 21 (512-bit random elliptic curve group)
