Hardware reference guide

GlobalProtect Administrator’s Guide 57
Reference: GlobalProtect Agent Cryptographic Functions
The GlobalProtect agent uses the OpenSSL library 0.9.8p to establish secure communication with the
GlobalProtect portal and GlobalProtect gateways. The following table lists each GlobalProtect agent function
that requires a cryptographic function and details the cryptographic keys the GlobalProtect agent uses:
| Crypto Function | Key | Usage |
|---|---|---|
| Winhttp (Windows) and NSURLConnection (MAC): AES256-SHA | Dynamic key negotiated between the GlobalProtect agent and the GlobalProtect portal and/or gateway for establishing the HTTPS connection. | Used to establish the HTTPS connection between the GlobalProtect agent and the GlobalProtect portal and GlobalProtect gateway for authentication. |
| OpenSSL: AES256-SHA | Dynamic key negotiated between the GlobalProtect agent and the GlobalProtect gateway during the SSL handshake. | Used to establish the SSL connection between the GlobalProtect agent and the GlobalProtect gateway for HIP report submission, SSL tunnel negotiation, and network discovery. |
| IPsec encryption and authentication: AES128-SHA1 | The session key sent from the GlobalProtect gateway. | Used to establish the IPsec tunnel between the GlobalProtect agent and the GlobalProtect gateway. |