Support For Sha256 - Fortinet FortiGate Series Administration Manual
Hide thumbs
Also See for FortiGate Series:
- Administration manual (60 pages) ,
- Install manual (51 pages) ,
- Quick start manual (14 pages)
Table of Contents
Advertisement
IPsec protocol improvements
Support for SHA256
68
config vpn ipsec phase2
config vpn ipsec phase2-interface
In FortiOS 4.0 MR1, you can use the SHA256 authentication digest, which is more secure
than the SHA1 and MD5 algorithms. The SHA256 option is available in the web-based
manager locations:
•
P1 Proposal, Authentication in VPN > IPsec > Auto Key (IKE) > Create Phase 1
•
P2 Proposal, Authentication in VPN > IPsec > Auto Key (IKE) > Create Phase 2
•
Authentication Algorithm, in VPN > IPsec > Manual Key > Create New
The equivalent settings in the CLI are:
•
config vpn ipsec phase1 or config vpn ipsec phase1-interface
edit <gateway_name>
set proposal <encryption_combination>
You can set the authentication portion of <encryption_combination> to SHA256,
for example 3des-sha256.
•
config vpn ipsec phase2 or config vpn ipsec phase2-interface
edit <tunnel_name>
set proposal <encryption_combination>
You can set the authentication portion of <encryption_combination> to SHA256,
for example 3des-sha256.
•
config vpn ipsec manualkey
edit <tunnel_name>
set authentication <authentication_algorithm>
You can set <authentication_algorithm> to sha256.
•
config vpn ipsec manualkey-interface
edit <tunnel_name>
set auth-alg <authentication_algorithm>
You can set <authentication_algorithm> to sha256.
What's new in FortiOS Version 4.0 MR1
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
•
Feedback
Advertisement
Table of Contents
