We have a Fortigate in HQ connected to a bunch of branch offices with IPsec VPN in a hub & spoke configuration.
Speeds varies from 10mbps to 100 mbps pr. Branch office.
Currently phase2 is set up with: aes128 and SHA256.
Fortigate now supports AES GCM and can be used in phase2 for IPsec VPN tunnels.
There something new & fancy out there, but I have no idea if it's better.
Hope some of you in here can enlighten me :)
1. Does GCM provide better throughput and/or is less CPU intensive?
2. Does it provide better security?
Understand the principle of encryption but not the inner workings, please take that into consideration.