Cloud Secure Web Gateway (Cloud SWG) IPSec endpoints support all the encryption methods listed in the Tech Docs topic IKE Encryption and Authentication Algorithms. Although weaker algorithms are supported to provide upgrade paths, it is strongly recommended for firewall admins to use stronger cryptography algorithms for their IKE and IPSec configurations. Cloud SWG is configured to not pick a weaker algorithm than the one proposed by the customer firewall.
As a best practice, avoid using weak encryption algorithms such as DES and 3DES, integrity algorithms such as md5 and sha1, and weak Diffie-Hellman groups such as modp1024 (group 2) and modp1536 (group 5).
Encryption algorithms and integrity algorithms that are at least 256 bits long, and Diffie-Hellman groups that are modp2048(group 14) or higher are recommended.