Use the GlobalProtect IPSec Crypto Profiles page
to specify algorithms for authentication and encryption in VPN tunnels
between a GlobalProtect gateway and clients. The order in which
you add algorithms is the order in which the firewall applies them,
and can affect tunnel security and performance. To change the order,
select an algorithm and Move Up or Move
Down.
Enter a name to identify the profile. The
name is case-sensitive, must be unique, and can have up to 31 characters.
Use only letters, numbers, spaces, hyphens, and underscores.
Encryption
Click Add and select
the desired encryption algorithms. For highest security, change
the order (top to bottom) to: aes-256-gcm, aes-128-gcm, aes-128-cbc.
Authentication
Click Add and select
the authentication algorithm. Currently, the only option is sha1.
