Summary
This entry surveys the post-quantum cryptography posture of major networking vendors not covered by dedicated entries. Each section documents the vendor’s stated PQC approach, known implementation status, and open research questions. This is an aggregator entry; individual vendors that merit deeper research will eventually be split into dedicated files.
Research status: Initial survey. Each vendor subsection is rated on a four-point scale: Not started / Roadmap only / Beta/Preview / GA available. As of April 2026, most major networking vendors are at the “Roadmap only” stage for production-grade PQC.
Cisco Systems
PQC Status: Roadmap — partial early availability in some products
Cisco is the largest networking vendor globally and has published a quantum-safe strategy across its product lines. Cisco’s PQC efforts span IOS XE (enterprise routing/switching), Firepower/FTD (firewall/IPS), ASA (legacy VPN), and cloud security products.
Known PQC activity:
- Cisco has published technical documentation on quantum-safe VPN intent, referencing IKEv2 PQC KEMs aligned with the IETF RFC 9242/9370 framework.
- Cisco’s IOS XE roadmap has referenced ML-KEM support in IPsec; specific GA release versions require verification from Cisco’s official release notes.
- Cisco Meraki (cloud-managed networking): PQC roadmap status not confirmed from public sources.
- Cisco Talos (threat intelligence) has published research on PQC migration challenges relevant to enterprise customers.
- Cisco participates in NIST and IETF standardization processes.
Key open questions:
- Which IOS XE release first ships GA PQC IKEv2 support?
- Is the Cisco implementation hybrid (classical + ML-KEM) or PQC-only?
- Is Firepower/FTD PQC on the same timeline as IOS XE?
- FIPS 140-3 validation status for Cisco PQC modules?
Sources:
- Cisco Quantum Safe — Cisco’s quantum-safe positioning page
- Cisco IOS XE documentation — Release notes for PQC features (account access may be required)
Palo Alto Networks
PQC Status: Roadmap — early-stage
Palo Alto Networks produces next-generation firewalls (NGFW), Prisma SASE, and Cortex security operations products. PAN-OS is the primary firewall OS.
Known PQC activity:
- Palo Alto has published marketing-level documentation on quantum-safe readiness, primarily referencing the harvest-now, decrypt-later (HNDL) threat model rather than specific implementation details.
- PAN-OS PQC support for IPsec/IKEv2 has been referenced in roadmap discussions; GA availability not confirmed.
- GlobalProtect (Palo Alto’s enterprise VPN) is the primary affected product for IKEv2 PQC.
- Palo Alto’s Prisma SASE architecture (cloud-delivered) may integrate PQC differently than hardware NGFW — cloud-side key exchange can be updated faster than firmware on deployed appliances.
Key open questions:
- Which PAN-OS version first ships PQC IKEv2 support, and for which hardware platforms?
- Is PQC supported in GlobalProtect VPN as client-side or gateway-side first?
- What is the Prisma SASE PQC timeline relative to hardware NGFW?
Sources:
- Palo Alto Networks — Main website
- Palo Alto TechDocs — Official PAN-OS documentation
Fortinet
PQC Status: Roadmap — limited early availability
Fortinet produces FortiGate firewalls, FortiOS, FortiSwitch, FortiSASE, and the Security Fabric integrated security platform. FortiOS is the primary OS for PQC integration.
Known PQC activity:
- Fortinet has documented quantum-safe VPN intentions in FortiOS; some PQC KEM support has been referenced in FortiOS release notes for IKEv2 (specific versions require verification).
- Fortinet’s ASIC-accelerated hardware (FortiASIC) is relevant to PQC performance: if PQC is software-only in current FortiOS releases, high-throughput FortiGate appliances may not achieve line-rate PQC without future FortiASIC updates.
- Fortinet has referenced ML-KEM (Kyber) compatibility in some product documentation.
- FortiClient (endpoint VPN) PQC support is relevant for enterprise deployments; status requires verification.
Key open questions:
- Which FortiOS release ships GA PQC IKEv2 support?
- Is FortiASIC updated to accelerate PQC, or is current support software-only?
- What is the FortiClient VPN PQC client-side timeline?
- FIPS 140-3 validation status for Fortinet PQC implementation?
Sources:
- Fortinet — Main website
- FortiOS documentation — Release notes and admin guides
Check Point Software
PQC Status: Early-stage — roadmap in progress
Check Point produces Quantum Security Gateways (firewall/VPN), CloudGuard, and Harmony endpoint security. Gaia OS runs on Check Point gateways.
Known PQC activity:
- Check Point has published quantum security awareness content, but public documentation of a specific Gaia OS PQC IKEv2 implementation is limited.
- Check Point’s naming convention (its firewall line is called “Quantum Security Gateway,” unrelated to quantum computing) can create confusion in PQC-adjacent searches.
- Check Point participates in industry PQC discussions; specific product-level GA dates are not confirmed.
Key open questions:
- Which Gaia OS version ships GA PQC IKEv2?
- Is Check Point’s PQC program at the same maturity level as Cisco and Fortinet?
Sources:
- Check Point Software — Main website
- Check Point documentation — Gaia OS admin and release documentation
Nokia
PQC Status: Roadmap — government/carrier focus
Nokia produces service provider routing (7750 SR, 7250 IXR series) and enterprise networking equipment running SR OS and SROS. Nokia’s PQC focus is on service provider and government networks rather than enterprise edge.
Known PQC activity:
- Nokia has published a quantum-safe networking roadmap, particularly in the context of national critical infrastructure and government communication networks.
- Nokia’s Bell Labs research arm has published academic work on PQC performance and integration for service provider networks.
- Nokia’s PQC efforts include MACsec (Layer 2 encryption) and IPsec; service provider router-level PQC is a higher-throughput challenge than enterprise edge.
- Nokia has engaged with ETSI and ENISA (European Union Agency for Cybersecurity) on quantum-safe standards.
Key open questions:
- Which SR OS release ships GA PQC support for IKEv2 or MACsec?
- What PQC algorithms does Nokia support, and at what key sizes?
- What is the performance impact of PQC on Nokia’s high-capacity service provider routers?
Sources:
- Nokia — Main website
- Nokia Bell Labs — Research arm; academic publications
Ericsson
PQC Status: Roadmap — telecom/5G focus
Ericsson’s PQC activity is primarily in the context of 5G core network security and radio access network (RAN) management interfaces, not traditional enterprise networking.
Known PQC activity:
- Ericsson has contributed to 3GPP standards discussions on quantum-safe security for 5G; PQC for 5G authentication and key agreement is a longer-horizon standardization effort.
- Ericsson has published quantum security intent aligned with ETSI and ENISA guidance.
Open-Source and Protocol Implementations
These are not vendors, but they are relevant reference points for understanding what shipping PQC looks like at the protocol level:
- strongSwan (open-source IKEv2/IPsec): Has shipped ML-KEM support in IKEv2 hybrid mode; aligned with RFC 9370. This is a useful interoperability reference for comparing vendor implementations.
- OpenSSH 9.0+: Ships with sntrup761x25519-sha512@openssh.com (NTRU Prime hybrid) enabled by default for SSH key exchange. Vendors embedding older OpenSSH versions need to update.
- WireGuard: Does not currently support PQC natively; the protocol’s design requires significant extension for PQC KEM integration. Several research projects (e.g., PQWireGuard) exist but are not production-standardized.
- OpenSSL 3.x: Post-quantum support via the OQS (Open Quantum Safe) provider; not shipping in mainline OpenSSL but available as a verified integration. Relevant to vendors using OpenSSL as their TLS library.
- BoringSSL (Google): Has shipped X25519Kyber768 hybrid TLS 1.3 in Chrome since 2023; Chrome data provides real-world deployment precedent at scale.
Vendor Comparison Summary
| Vendor | Primary OS | PQC Protocol | Status (April 2026) | Notes |
|---|---|---|---|---|
| Sitehop | Proprietary FPGA | IKEv2/IPsec | GA (claimed) | Dedicated PQC HW; see dedicated entry |
| Juniper (HPE) | Junos OS | IKEv2/IPsec | Roadmap | See dedicated entry |
| Cisco | IOS XE, FTD | IKEv2/IPsec | Roadmap / early | Largest vendor; multiple product lines |
| Palo Alto | PAN-OS | IKEv2/IPsec, TLS | Roadmap | GlobalProtect VPN is primary target |
| Fortinet | FortiOS | IKEv2/IPsec | Roadmap / early | FortiASIC HW acceleration TBD |
| Check Point | Gaia OS | IKEv2/IPsec | Early | Less public documentation available |
| Nokia | SR OS | IKEv2, MACsec | Roadmap | Service provider / carrier focus |
| Ericsson | Proprietary | 5G/3GPP | Roadmap | Telecom-specific; not enterprise networking |
All status assessments are based on public documentation as of April 2026 and are subject to change. Verify against current vendor release notes before making procurement decisions.
Sources
- NIST PQC Standards (FIPS 203/204/205) — Authoritative standard reference
- IETF RFC 9370 — Multiple Key Exchanges in IKEv2 (the primary PQC IKEv2 integration mechanism)
- NSA CNSA 2.0 — US government mandate timeline driving vendor roadmaps
- CISA PQC Migration Guidance — US government deployment guidance
- strongSwan PQC documentation — Open-source IKEv2 PQC reference implementation
- Open Quantum Safe (OQS) Project — Open-source PQC library used by multiple vendors