Fortinet white logo
Fortinet white logo

CLI Reference

fips

fips

Use this command to enable Federal Information Processing Standards-Common Criteria (FIPS-CC) mode.

This enhanced security mode is required by some organizations, but may not be appropriate for others. It is valid only if you have installed a FIPS-certified firmware build. For more information on FIPS, or to obtain a certified build, contact Fortinet Technical Support.

When switching to FIPS mode, you will be prompted to confirm, and must log in again.

To disable FIPS mode, restore the firmware default configuration using factoryreset.

Back up the configuration before enabling FIPS mode. When you enable or disable FIPS-CC mode, all of the existing configuration is lost. For more information on making a complete backup, see the FortiMail Administration Guide.

Syntax

execute fips kat {3des | aes | configuration-test | integrity-test | rng | rsa | sha1-hmac | all}

Variable

Description

Default

{3des | aes | configuration-test | integrity-test | rng | rsa | sha1-hmac | all}

3des: Triple-DES known answer test.

aes: AES known answer test

configuration-test: Configuration bypass test.

integrity-test: Firmware integrity test.

rng: Random number generator known answer test.

rsa: RSA known answer test.

sha1-hmac: SHA1-HMAC known answer test.

all: All known answer tests.

Related topics

restore image

fips

fips

Use this command to enable Federal Information Processing Standards-Common Criteria (FIPS-CC) mode.

This enhanced security mode is required by some organizations, but may not be appropriate for others. It is valid only if you have installed a FIPS-certified firmware build. For more information on FIPS, or to obtain a certified build, contact Fortinet Technical Support.

When switching to FIPS mode, you will be prompted to confirm, and must log in again.

To disable FIPS mode, restore the firmware default configuration using factoryreset.

Back up the configuration before enabling FIPS mode. When you enable or disable FIPS-CC mode, all of the existing configuration is lost. For more information on making a complete backup, see the FortiMail Administration Guide.

Syntax

execute fips kat {3des | aes | configuration-test | integrity-test | rng | rsa | sha1-hmac | all}

Variable

Description

Default

{3des | aes | configuration-test | integrity-test | rng | rsa | sha1-hmac | all}

3des: Triple-DES known answer test.

aes: AES known answer test

configuration-test: Configuration bypass test.

integrity-test: Firmware integrity test.

rng: Random number generator known answer test.

rsa: RSA known answer test.

sha1-hmac: SHA1-HMAC known answer test.

all: All known answer tests.

Related topics

restore image