The IPsec Client incorporates cryptographic algorithms conformant to the FIPS standard. The embedded cryptographic module incorporating these algorithms has been validated as conformant to FIPS 140-2 (certificate #1051).
FIPS conformance will always be maintained when any of the following algorithms are used for establishment and encryption of the IPsec connection:
- Diffie Hellman Group: Group 2 or higher (DH starting from a length of 1024 Bit)
- Hash Algorithms: SHA1, SHA 256, SHA 384, or SHA 512 Bit
- Encryption Algorithms: AES with 128, 192 or 256 Bit or Triple DES
Additionally to ScreenOS the JunOS based Juniper Hardware is supported.
On Windows 7, data could not be transferred over a VPN tunnel when the supporting Internet connection was via a UMTS / Mobile Broadband link not established by the NCP Entry Client. This problem has been resolved.