Focus

Prisma SD-WAN

FIPS Approved Ciphers and Algorithms

Table of Contents

Filter

Expand All | Collapse All

Activation & Onboarding
Administration
CloudBlades
Select a Document
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
Deployment
Incidents & Alerts
Reference
Release Notes
Select a Document
- 6.5
- 6.4
- 6.3
- 6.2
- 6.1
- 5.6
- New Features Guide
- On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed

FIPS supports certain ciphers and algorithms.

Where Can I Use This?	What Do I Need?
Prisma SD-WAN	Prisma SD-WAN license

FIPS and FIPS-CC modes supports the following ciphers and algorithms:

SNMP

Cipher suites for TLS connection between ION Device and Controller

IPSec - IKE and ESP Group

Key Exchange	DH Group	Encryption	Hash
IKE Group
IKEv2	ECP-256(Group 19) ECP-384(Group 20) MODP-2048(Group 14)	AES-128-CBC AES-192-CBC AES-256-CBC	SHA-1 SHA-256 SHA-512
ESP Group
IKEv2	ECP-256(Group 19) ECP-384(Group 20) MODP-2048(Group 14)	AES-128-CBC AES-192-CBC AES-256-CBC AES-128-GCM AES-256-GCM	SHA-1 SHA-256 SHA-512

Open SSH


Kex_algorithms	Ecdh-sha2-nistp256 Ecdh-sha2-nistp384 Ecdh-sha2-nistp521 Diffie-hellman-group14-sha1 Diffie-hellman-group14-sha256 Diffie-hellman-group16-sha512 diffie-hellman-group18-sha512
Server_host_key_algorithms	rsa-sha2-512 rsa-sha2-256 Ssh-rsa ecdsa-sha2-nistp256
Encryption_algorithms	aes128-ctr aes192-ctr aes256-ctr
Mac_algorithms	hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-sha1-etm@openssh.com hmac-sha2-256 Hmac-sha2-512 hmac-sha1