Support for GCM Encryption
Prisma SD-WAN enhances your network security by offering advanced
encryption, Galois/Counter Mode (GCM), for both fabric tunnels and standard VPN
connections.
Traditional encryption modes like Cipher Block Chaining (CBC) can introduce
performance overhead and lack the combined authentication and encryption needed for
modern network security. To address these limitations, Prisma SD-WAN supports
Galois/Counter Mode (GCM) for fabric tunnels and standard VPN connections. This
feature adds the AES-GCM-128 and AES-GCM-256 algorithms, which provide Authenticated
Encryption with Associated Data (AEAD). By implementing GCM, you gain improved
performance and stronger security compared to traditional CBC modes.
GCM encryption provides compatibility with both static and dynamic IPsec setups
across specific tunnels. This feature is particularly beneficial when connecting to
third-party services or when you require heightened security measures for sensitive data
transmission. The implementation supports IKEv2 authentication protocols and integrates
seamlessly with existing key management processes.
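
The AEAD behaviour described above, shown as an added example (not Prisma SD-WAN code): an ESP-style packet sealed with AES-GCM in the RFC 4106 layout, where the SPI and sequence number travel in the clear as associated data yet are covered by the 16-byte integrity tag. The SA values, the `seal`/`open` helper names and the payload are constructed for illustration, and ESP padding and the next-header trailer are omitted.

```javascript
const crypto = require('crypto');

// Constructed security associations (sample values, not from a real tunnel).
// RFC 4106 keying material is the AES key followed by a 4-byte salt.
const SA128 = { spi: 0x1a2b3c4d, key: crypto.randomBytes(16), salt: crypto.randomBytes(4) };
const SA256 = { spi: 0x5e6f7081, key: crypto.randomBytes(32), salt: crypto.randomBytes(4) };
const TAG_LEN = 16; // full-length integrity check value (ICV)

// Key length selects the cipher: aes-128-gcm or aes-256-gcm.
const algo = (sa) => `aes-${sa.key.length * 8}-gcm`;

// Seal one payload. Layout: SPI(4) | seq(4) | IV(8) | ciphertext | ICV(16).
function seal(sa, seq, payload) {
  const hdr = Buffer.alloc(8);
  hdr.writeUInt32BE(sa.spi, 0);
  hdr.writeUInt32BE(seq, 4);
  // The IV is derived from the sequence number so a nonce never repeats under one key.
  const iv = Buffer.alloc(8);
  iv.writeBigUInt64BE(BigInt(seq));
  const nonce = Buffer.concat([sa.salt, iv]); // 12-byte GCM nonce = salt | IV
  const c = crypto.createCipheriv(algo(sa), sa.key, nonce, { authTagLength: TAG_LEN });
  c.setAAD(hdr); // header is authenticated but not encrypted
  const ct = Buffer.concat([c.update(payload), c.final()]);
  return Buffer.concat([hdr, iv, ct, c.getAuthTag()]);
}

// Open a packet. Returns the plaintext, or null if the packet must be dropped.
function open(sa, packet) {
  if (packet.length < 8 + 8 + TAG_LEN) return null; // too short to hold header, IV and ICV
  const hdr = packet.subarray(0, 8);
  const iv = packet.subarray(8, 16);
  const ct = packet.subarray(16, packet.length - TAG_LEN);
  const tag = packet.subarray(packet.length - TAG_LEN);
  const nonce = Buffer.concat([sa.salt, iv]);
  const d = crypto.createDecipheriv(algo(sa), sa.key, nonce, { authTagLength: TAG_LEN });
  d.setAAD(hdr);
  d.setAuthTag(tag);
  try {
    return Buffer.concat([d.update(ct), d.final()]); // final() throws on ICV mismatch
  } catch (err) {
    return null; // ciphertext or header was modified, or the wrong key was used
  }
}
```

A single pass yields both confidentiality and integrity, so a change to the ciphertext or to the cleartext header makes `open` return null instead of plaintext.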