Security and Management Function Specifications

Firewall

Up to 16 IP addresses (or ranges of IP addresses) can be specified for both IPv4 and IPv6.
Up to 32 MAC addresses can be specified.

Keys and Certificates

The following keys and certificates are supported:

Self-generated Key and Self-signed Certificate or CSR

Public key algorithm (and key length)
RSA (512 bits, 1024 bits, 2048 bits, 4096 bits)
DSA (1024 bits, 2048 bits, 3072 bits)
ECDSA (P256, P384, P521)
Certificate signature algorithm
RSA: SHA-1*1, SHA-256, SHA-384*2, SHA-512*2
DSA: SHA-1*1
ECDSA: SHA-1*1, SHA-256, SHA-384, SHA-512
*1 Available only when installed by using the Remote UI.
*2 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.

Key and Certificate or CA Certificate for Installation

Format
Key
PKCS#12*1*2
CA certificate
X.509 DER format/PEM format*2
File extension
Key
".p12" or ".pfx"
CA certificate
".cer" or ".pem"
Public key algorithm (and key length)
RSA (512 bits, 1024 bits, 2048 bits, 4096 bits)
DSA (1024 bits, 2048 bits, 3072 bits)
ECDSA (P256, P384, P521)
Certificate signature algorithm
RSA: SHA-1*3, SHA-256, SHA-384*4, SHA-512*4
DSA: SHA-1*3
ECDSA: SHA-1*3, SHA-256, SHA-384, SHA-512
*1 Requirements for the certificate contained in a key are pursuant to CA certificates.
*2 Certificates of more than 2 MB cannot be registered.
*3 Available only when installed by using the Remote UI.
*4 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.
The machine does not support use of a certificate revocation list (CRL).

Definition of "Weak Encryption"

When [Prohibit Use of Weak Encryption] in [Encryption Settings] is set to [On], the use of the following algorithms is prohibited. [Encryption Settings]
Hash
MD4, MD5, SHA-1
HMAC
HMAC-MD5
Common key encryption
RC2, RC4, DES
Public key encryption
RSA encryption (512 bits/1024 bits)
RSA signature (512 bits/1024 bits)
DSA (512 bits/1024 bits)
DH (512 bits/1024 bits)
Even when [Prohibit Key/Cert. with Weak Encryption] in [Encryption Settings] is set to [On], the hash algorithm SHA-1, which is used for signing a root certificate, can be used.

TLS

The following combinations of the TLS version and algorithm are usable:
: Usable     : Not usable
Algorithm
TLS Version
TLS 1.3
TLS 1.2
TLS 1.1
TLS 1.0
Encryption Algorithm
AES-CBC (256bit)
AES-CBC (128bit)
AES-GCM (256bit)
AES-GCM (128bit)
3DES-CBC
CHACHA20-POLY1305
Key Exchange Algorithm
RSA
ECDHE
X25519
Signature Algorithm
RSA
ECDSA
HMAC Algorithm
SHA1
SHA256
SHA384
A19C-00J