Define Cryptographic Profiles
Where Can I Use This?
  • Prisma Access
  • PAN-OS
What Do I Need?
  • No license required
A cryptographic profile specifies the ciphers used for authentication and/or encryption between two IKE peers, and the lifetime of the key. The time period between each renegotiation is known as the lifetime; when the specified time expires, the firewall renegotiates a new set of keys.
For securing communication across the VPN tunnel, the firewall requires IKE and IPSec cryptographic profiles for completing IKE phase-1 and phase-2 negotiations, respectively. The firewall includes a default IKE Crypto profile and a default IPSec Crypto profile that are ready for use. If you don't want to use the default IKE or IPSec profiles or compliance suites provided, you can configure your own IKE or IPSec profile using the configuration steps provided in this chapter.
The cryptographic profiles (that is, IKE and IPSec profiles) provide information about the algorithms that are used to authenticate, encrypt, and establish a shared secret between network sites.
  • Define IKE Crypto profiles—The IKE profiles specify the algorithms that are used to authenticate, encrypt, and establish a shared secret between network sites when you establish an IKE tunnel. These IKE parameters should match on the remote firewall for the IKE phase 1 negotiation to be successful.
  • Define IPSec Crypto profiles—The IPSec profiles specify the algorithms that are used to authenticate, encrypt, and establish a shared secret between network sites when you establish an IPSec tunnel. These IPSec parameters should match on the remote firewall for the IKE phase 2 negotiation to be successful.
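A pre-deployment check for the matching requirement described above, as an added example that is not Palo Alto Networks code. It assumes each profile can be written as a list of allowed algorithms per category; the field names and the two sample sites are constructed for illustration.

```python
# Added example: field names and sample profiles are constructed, not PAN-OS output.
IKE_FIELDS = ("dh_group", "authentication", "encryption")
IPSEC_FIELDS = ("protocol", "encryption", "authentication", "dh_group")

def compare_profiles(local, remote, fields):
    """Return (common, mismatches) for two crypto profiles.

    Each profile maps a field to the algorithms it allows, in preference
    order. A field is a mismatch when the two lists share no entry.
    """
    common, mismatches = {}, {}
    for field in fields:
        mine = [a.lower() for a in local.get(field, [])]
        theirs = {a.lower() for a in remote.get(field, [])}
        shared = [a for a in mine if a in theirs]  # keeps local preference order
        if shared:
            common[field] = shared[0]
        else:
            mismatches[field] = (local.get(field, []), remote.get(field, []))
    return common, mismatches

def check_tunnel(local, remote):
    """Compare the phase 1 (IKE) and phase 2 (IPSec) profiles of two peers."""
    report = {}
    for phase, fields in (("ike", IKE_FIELDS), ("ipsec", IPSEC_FIELDS)):
        common, mismatches = compare_profiles(local[phase], remote[phase], fields)
        report[phase] = {
            "ok": not mismatches,
            "common": common,
            "mismatches": mismatches,
            # Reported for review only; this check does not judge lifetimes.
            "lifetime_differs": local[phase].get("lifetime_s") != remote[phase].get("lifetime_s"),
        }
    return report

# Constructed sample profiles for two sites.
SITE_A = {
    "ike": {"dh_group": ["group20", "group14"], "authentication": ["sha384", "sha256"],
            "encryption": ["aes-256-cbc"], "lifetime_s": 28800},
    "ipsec": {"protocol": ["esp"], "encryption": ["aes-256-cbc"],
              "authentication": ["sha256"], "dh_group": ["group20"], "lifetime_s": 3600},
}
SITE_B = {
    "ike": {"dh_group": ["group14"], "authentication": ["sha256"],
            "encryption": ["aes-256-cbc", "aes-128-cbc"], "lifetime_s": 28800},
    "ipsec": {"protocol": ["esp"], "encryption": ["aes-128-cbc"],
              "authentication": ["sha256"], "dh_group": ["group20"], "lifetime_s": 7200},
}

if __name__ == "__main__":
    for phase, result in check_tunnel(SITE_A, SITE_B).items():
        print(phase, result)
```

With these sample sites the IKE profiles agree on a common set, while the IPSec profiles share no encryption algorithm, which is the kind of mismatch to resolve before bringing the tunnel up.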