Enable FIPS mode
It is important that you follow this procedure to make sure that you enable Federal Information Processing Standards (FIPS) mode correctly.
About this task
When you switch to Federal Information Processing Standards (FIPS) mode, local user Web user interface (UI) passwords become invalid. To take advantage of FIPS encryption, you can use the n2os-passwd command to reset the passwords.
The n2os-passwd <USER> command takes several seconds to several minutes to prompt the user for a new password. On the R50 platform, the prompt may take up to three minutes.
Procedure
- Log in to the console.
- To go to privileged mode, enter this command:
    enable-me
  You can now perform system changes.
- Note: For Central Management Consoles (CMCs), version 23.1.0 or later, it is not necessary to do the next step.
  Note: For Guardians, version 23.1.0 or later, you can also do the next two steps after you have enabled FIPS.
  To configure the FIPS license, enter the command:
    echo 'conf.user configure license fips xxxxxxxx' | cli
- Note: For CMCs, version 23.1.0 or later, it is not necessary to do the next step.
  To restart the intrusion detection system (IDS), enter the command:
    service n2osids stop
  The IDS stops. After a few seconds, it will automatically start again.
- To enable FIPS mode, enter the command:
    n2os-fips-enable
  The system automatically reboots.
- In the container edition, stop the current container and start a new one with the same settings.
- To change the password for every user, enter the command:
    n2os-passwd <USER>
- Log in to the sensor.
- In the top navigation bar, select
  The administration page opens.
- In the System section, select Updates and licenses.
  The Updates and licenses page opens.
- In the Current license section for FIPS, make sure that the License status shows ok.
- Do this procedure again for all CMCs and Guardians.