Removed or deprecated hash algorithms, encryption algorithms, and Diffie-Hellman modulus groups

Before you upgrade to Firewall Threat Defense 6.70, update your VPN configuration to use supported DH and encryption algorithms so that the VPN continues to work correctly.

  • Update your IKE proposals and IPsec policies to match the ones supported in Firewall Threat Defense 6.70.

  • Deploy the configuration changes after updating to supported algorithms.

Support for less secure ciphers has been removed. The following have been removed or deprecated from Firewall Threat Defense Version 6.70 onwards:

  • Diffie-Hellman group 5 is deprecated for IKEv1 and IKEv2.

  • Diffie-Hellman groups 2 and 24 have been removed.

  • Encryption algorithms: 3DES, AES-GMAC, AES-GMAC-192, AES-GMAC-256 have been removed.

    Note

    DES continues to be supported in evaluation mode or for users who do not satisfy export controls for strong encryption.

    NULL is removed from IKEv2 policies but remains supported in both IKEv1 and IKEv2 IPsec transform-sets.
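
A pre-upgrade check built from the lists above, as an added example that is not Cisco tooling: it flags policies that use the removed or deprecated values and applies the NULL exception for IPsec transform-sets. The policy dictionary layout and the sample policies are assumptions; the check reports only what this page lists and does not confirm that any other value is supported.

```python
# Added example. The inventory layout is hypothetical, not an FMC/FDM export format.
REMOVED_DH = {2, 24}
DEPRECATED_DH = {5}
REMOVED_ENC = {"3DES", "AES-GMAC", "AES-GMAC-192", "AES-GMAC-256"}

def audit_policy(policy):
    """Return (severity, message) findings for one policy.
    Assumed keys: name, kind ('ike-policy' or 'ipsec-transform-set'),
    ike_version (1 or 2), dh_groups (list of int), encryption (list of str).
    """
    findings = []
    for group in policy.get("dh_groups", []):
        if group in REMOVED_DH:
            findings.append(("removed", f"DH group {group}"))
        elif group in DEPRECATED_DH:
            findings.append(("deprecated", f"DH group {group}"))
    for alg in policy.get("encryption", []):
        name = alg.upper()
        if name in REMOVED_ENC:
            findings.append(("removed", f"encryption {name}"))
        elif name == "NULL":
            # NULL is removed only from IKEv2 policies; transform-sets keep it.
            if policy["kind"] == "ike-policy" and policy["ike_version"] == 2:
                findings.append(("removed", "encryption NULL in IKEv2 policy"))
        elif name == "DES":
            # Not removed, but tied to the conditions stated in the Note.
            findings.append(("note", "DES: evaluation mode / export-control cases"))
    return findings

def audit(policies):
    """Map policy name -> findings, leaving out policies with none."""
    results = {p["name"]: audit_policy(p) for p in policies}
    return {name: found for name, found in results.items() if found}

# Constructed sample inventory (names and values are illustrative).
SAMPLE = [
    {"name": "ikev1-legacy", "kind": "ike-policy", "ike_version": 1,
     "dh_groups": [2, 5], "encryption": ["3des"]},
    {"name": "ikev2-null", "kind": "ike-policy", "ike_version": 2,
     "dh_groups": [14], "encryption": ["null", "aes-256"]},
    {"name": "ts-null", "kind": "ipsec-transform-set", "ike_version": 2,
     "dh_groups": [], "encryption": ["null"]},
    {"name": "ikev2-other", "kind": "ike-policy", "ike_version": 2,
     "dh_groups": [19, 21], "encryption": ["aes-gcm-256"]},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings)
```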