Fortinet black logo

CLI Reference

fips

fips

Use this command to set the Federal Information Processing Standards (FIPS) status. FIPS mode is an enhanced security option for some FortiManager models. Installation of FIPS firmware is required only if the unit was not ordered with this firmware pre-installed.

Syntax

config system fips

set status {enable | disable}

set entropy-token {enable | disable | dynamic}

set re-seed-interval <integer>

end

Variable

Description

Default

status {enable | disable}

Enable/disable the FIPS-CC mode of operation.

enable

entropy-token {enable | disable | dynamic}

Configure support for the FortiTRNG entropy token:

  • enable: The token must be present during boot up and reseeding. If the token is not present, the boot up or reseeding is interrupted until the token is inserted.
  • disable: The current entropy implementation is used to seed the Random Number Generator (RNG).
  • dynamic: The token is used to seed or reseed the RNG if it is present. If the token is not present, the boot process is not blocked and the old entropy implementation is used.

disable

re-seed-interval <integer>

The amount of time, in minutes, between RNG reseeding.

1440

fips

Use this command to set the Federal Information Processing Standards (FIPS) status. FIPS mode is an enhanced security option for some FortiManager models. Installation of FIPS firmware is required only if the unit was not ordered with this firmware pre-installed.

Syntax

config system fips

set status {enable | disable}

set entropy-token {enable | disable | dynamic}

set re-seed-interval <integer>

end

Variable

Description

Default

status {enable | disable}

Enable/disable the FIPS-CC mode of operation.

enable

entropy-token {enable | disable | dynamic}

Configure support for the FortiTRNG entropy token:

  • enable: The token must be present during boot up and reseeding. If the token is not present, the boot up or reseeding is interrupted until the token is inserted.
  • disable: The current entropy implementation is used to seed the Random Number Generator (RNG).
  • dynamic: The token is used to seed or reseed the RNG if it is present. If the token is not present, the boot process is not blocked and the old entropy implementation is used.

disable

re-seed-interval <integer>

The amount of time, in minutes, between RNG reseeding.

1440