FIPS-CC Security Functions

Security functions are enforced for the GlobalProtect app when you enable FIPS-CC mode.
When you enable FIPS-CC mode for GlobalProtect, the following security functions are enforced for all GlobalProtect apps on Windows and macOS endpoints:
  • You must encrypt all VPN tunnels between the GlobalProtect app and gateways using TLS or IPSec.
  • When you configure an IPSec VPN tunnel, you must select a cipher suite option presented during IPSec setup.
  • When you configure an IPSec VPN tunnel, you can specify one of the following encryption algorithms:
    • AES-CBC-128 (with the SHA1 authentication algorithm)
    • AES-GCM-128
    • AES-GCM-256
  • Both server and client certificates must use one of the following signature algorithms:
    • RSA 2048 bit (or greater)
    • ECDSA P-256
    • ECDSA P-384
    • ECDSA P-521
    In addition, you must use a signature hash algorithm of SHA256, SHA384, or SHA512.

Recommended For You