Security and Management Function Specifications
Firewall
Up to 16 IP addresses (or ranges of IP addresses) can be specified for both IPv4 and IPv6.
Up to 32 MAC addresses can be specified.
Keys and Certificates
The following keys and certificates are supported:
Self-generated Key and Self-signed Certificate or CSR
Public key algorithm (and key length) | RSA (512 bits, 1024 bits, 2048 bits, 4096 bits) ECDSA (P256, P384, P521) |
Certificate signature algorithm | RSA: SHA-256, SHA-384*1, SHA-512*1 ECDSA: SHA-256, SHA-384, SHA-512 |
*1 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.
Key and Certificate or CA Certificate for Installation
Format | Key PKCS#12*1*2 CA certificate X.509 DER format/PEM format*2 |
File extension | Key ".p12" or ".pfx" CA certificate ".cer" or ".pem" |
Public key algorithm (and key length) | RSA (512 bits, 1024 bits, 2048 bits, 4096 bits) ECDSA (P256, P384, P521) |
Certificate signature algorithm | RSA: SHA-256, SHA-384*3, SHA-512*3 ECDSA: SHA-256, SHA-384, SHA-512 |
*1 Requirements for the certificate contained in a key are pursuant to CA certificates.
*2 Certificates of more than 2 MB cannot be registered.
*3 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.
|
The machine does not support use of a certificate revocation list (CRL). |
Definition of "Weak Encryption"
When [Prohibit Use of Weak Encryption] in [Encryption Settings] is set to [On], the use of the following algorithms is prohibited. [Encryption Settings]
Hash | MD4, MD5, SHA-1 |
HMAC | HMAC-MD5 |
Common key encryption | RC2, RC4, DES |
Public key encryption | RSA encryption (512 bits/1024 bits) RSA signature (512 bits/1024 bits) DSA (512 bits/1024 bits) DH (512 bits/1024 bits) |
|
Even when [Prohibit Key/Cert. with Weak Encryption] in [Encryption Settings] is set to [On], the hash algorithm SHA-1, which is used for signing a root certificate, can be used. |
TLS
The following combinations of the TLS version and algorithm are usable:
: Usable 
: Not usableAlgorithm | TLS Version | |||
TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 | |
Encryption Algorithm | ||||
AES-CBC (256bit) | | | | |
AES-CBC (128bit) | | | | |
AES-GCM (256bit) | | | | |
AES-GCM (128bit) | | | | |
3DES-CBC | | | | |
CHACHA20-POLY1305 | | | | |
Key Exchange Algorithm | ||||
RSA | | | | |
ECDHE | | | | |
X25519 | | | | |
Signature Algorithm | ||||
RSA | | | | |
ECDSA | | | | |
HMAC Algorithm | ||||
SHA1 | | | | |
SHA256 | | | | |
SHA384 | | | | |