uOS - IPSec VPN AES-GCM Enabled
Zyxel Employee
Implementing AES-GCM for IPSec VPN
UOS now supports AES-GCM (Galois/Counter Mode) for IPSec VPNs. This is an AEAD (Authenticated Encryption with Associated Data) mode that provides both encryption and authentication in a single, efficient step.
IKEv2 and PRF Requirements
AES-GCM is only supported when using IKEv2 because the AEAD standard was developed after IKEv1 was established. When AES-GCM is selected, the traditional authentication field is replaced by the PRF (Pseudo-Random Function) algorithm, which is used to generate keys for the Security Associations (SAs).
GUI and Error Handling
The option is available in both the local GUI and NCC. If a user attempts to switch a GCM-configured tunnel back to IKEv1, the firewall will automatically revert the phase one settings to a supported default value to prevent configuration conflicts.
Categories
- All Categories
- 442 Beta Program
- 2.9K Nebula
- 219 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.5K Security
- 588 USG FLEX H Series
- 344 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.4K Wireless
- 52 Wireless Ideas
- 7K Consumer Product
- 298 Service & License
- 477 News and Release
- 91 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.8K FAQ
- 34 Documents
- 87 About Community
- 105 Security Highlight