Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiWeb 6.2.3 CLI Reference
    6.2.3
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0

    system fips-cc

    system fips-cc

    Use this command to enable and configure Federal Information Processing Standards (FIPS) and Common Criteria (CC) compliant mode.

    Syntax

    config system fips-cc

    set status {enable | disable}

    set entropy-token {dynamic | enable | disable}

    set reseed-interval <reseed-interval_int>

    set ssl-client-restrict {enable | disable}

    end

    Variable Description Default

    status {enable | disable}

    		 Enable/disable FIPS operation mode. This can be done only by the console.

    disable

    entropy-token {dynamic | enable | disable}

    		 Use the entropy token to seed the RNG in FIPS-CC mode.
    • When the status is enable, the entropy token is used to seed or reseed the RNG, and it must be inserted to FortiWeb.
    • When the status is disable, the entropy token is not used to seed or reseed the RNG, but the old method will be used to seed or reseed the RNG.
    • When the status is dynamic, it means when entropy token is present, the entropy token will be used to seed or reseed the RNG; if the token is not present, the old method will be used to seed or reseed the RNG.

    		 disable

    reseed-interval <reseed-interval_int>

    		 Set the interval to reseed the RNG. The valid range is 0–1440 minutes.

    1440

    ssl-client-restrict {enable | disable}

    		 Enable/disable ciphers restriction. disable
    Previous
    Next

    system fips-cc

    system fips-cc

    Use this command to enable and configure Federal Information Processing Standards (FIPS) and Common Criteria (CC) compliant mode.

    Syntax

    config system fips-cc

    set status {enable | disable}

    set entropy-token {dynamic | enable | disable}

    set reseed-interval <reseed-interval_int>

    set ssl-client-restrict {enable | disable}

    end

    Variable Description Default

    status {enable | disable}

    		 Enable/disable FIPS operation mode. This can be done only by the console.

    disable

    entropy-token {dynamic | enable | disable}

    		 Use the entropy token to seed the RNG in FIPS-CC mode.
    • When the status is enable, the entropy token is used to seed or reseed the RNG, and it must be inserted to FortiWeb.
    • When the status is disable, the entropy token is not used to seed or reseed the RNG, but the old method will be used to seed or reseed the RNG.
    • When the status is dynamic, it means when entropy token is present, the entropy token will be used to seed or reseed the RNG; if the token is not present, the old method will be used to seed or reseed the RNG.

    		 disable

    reseed-interval <reseed-interval_int>

    		 Set the interval to reseed the RNG. The valid range is 0–1440 minutes.

    1440

    ssl-client-restrict {enable | disable}

    		 Enable/disable ciphers restriction. disable
    Previous
    Next