Thursday, March 18, 2021

Postquantum Security: IKEv2 PPK on FortiOS

In this post you will see a simple PPK (postquantum preshared key) deployment to ensure PSKs are not crackable.

First, PPK is an IKEv2 feature.

Second, you can make it optional or mandatory in FortiOS. This allows for a simple PSK and the choice of enforcing PPK.
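
The optional and mandatory modes as FortiOS phase1 settings, shown as an added example rather than the author's own configuration. The tunnel name, interface, proposal, identity and both secrets are assumed placeholders, and the `#` lines are annotations for the reader.

```fortios
# Added example: placeholder names and secrets throughout.
# PPK is only available when the tunnel runs IKEv2.
config vpn ipsec phase1-interface
    # "ppk-demo" is a hypothetical tunnel name
    edit "ppk-demo"
        # assumed: this side accepts dynamic (dial-up) peers on wan1
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set proposal aes256-sha256
        set dhgrp 14
        # the simple PSK (placeholder)
        set psksecret <simple-psk>
        # optional mode: PPK is used when the peer also has it configured
        set ppk allow
        # hypothetical identity; must match on both peers
        set ppk-identity "ppk-demo-id"
        # placeholder: 64 or more random characters
        set ppk-secret <random-64-char-secret>
    next
end

# Mandatory mode: negotiation fails unless the peer also uses the PPK.
config vpn ipsec phase1-interface
    edit "ppk-demo"
        set ppk require
    next
end
```

Running with `allow` first and switching to `require` once both peers carry the same identity and secret avoids dropping the tunnel during rollout.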


Here's the fgt1 config:



The second FortiGate is configured exactly the same; in this setup fgt1 is a dynamic IPsec peer.




To verify that PPK was used, run the "diag vpn ike gateway" command from the CLI.




To craft a strong ppk-secret, I suggest 64 characters or more. OpenSSL or Python can be used for this. Just make it random.




or




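$ cat ran.py
# Generate a 64-character alphanumeric PPK secret.
# secrets draws from the OS CSPRNG; the random module is not suitable for key material.
import secrets
import string

alphabet = string.ascii_letters + string.digits
ppk = "".join(secrets.choice(alphabet) for _ in range(64))

print(ppk)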










NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o

        /  \

