https://live.paloaltonetworks.com/t5/general-topics/password-policy/m-p/22872#M16686 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P><BR />This option is available by enabling FIPS mode (FIPS 140-2) on the FW, though the following options will also apply:</P><P></P><P><STRONG style="font-size: 12pt; ">Federal Information Processing Standards Support:</STRONG></P><P></P><P>• To log into the firewall, the browser must be TLS 1.0 compatible.</P><P>• All passwords on the firewall must be at least six characters.</P><P>• Accounts are locked after the number of failed attempts that is configured on theDevice &gt; Setup &gt; Management page. If the firewall is not in FIPS mode, it can be configured so that it never locks out; however in FIPS mode, and lockout time is required.</P><P>• The firewall automatically determines the appropriate level of self-testing and enforces the appropriate level of strength in encryption algorithms and cipher suites.</P><P>• Non-FIPS approved algorithms are not decrypted and are thus ignored during decryption.</P><P>• When configuring IPSec, a subset of the normally available cipher suites is available.</P><P>• Self-generated and imported certificates must contain public keys that are 2048 bits (or more).</P><P>• The serial port is disabled.</P><P>• Telnet, TFTP, and HTTP management connections are unavailable.</P><P>• Surf control is not supported.</P><P>• High availability (HA) encryption is required.</P><P>• PAP authentication is disabled..</P><P><BR />Below is a Knowledgepoint Article regarding FIPS Mode:</P><P><BR /><A class="jive-link-external-small" href="https://live.paloaltonetworks.com/docs/DOC-1536">https://live.paloaltonetworks.com/docs/DOC-1536</A></P><P><BR />FIPS mode (enabling/details) can be referenced as well via your Admin Guide.</P><P><BR />Regards,</P><P><BR />Bryan</P></BODY></HTML> Mon, 04 Jul 2011 19:32:44 GMT bryan 2011-07-04T19:32:44Z https://live.paloaltonetworks.com/t5/general-topics/password-policy/m-p/22871#M16685 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>does somebody know how to setup Password Policy for management users in PAN OS 4? I am talking about minimum password length, special characters etc.</P></BODY></HTML> Mon, 04 Jul 2011 08:53:28 GMT https://live.paloaltonetworks.com/t5/general-topics/password-policy/m-p/22871#M16685 volksbank 2011-07-04T08:53:28Z https://live.paloaltonetworks.com/t5/general-topics/password-policy/m-p/22872#M16686 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P><BR />This option is available by enabling FIPS mode (FIPS 140-2) on the FW, though the following options will also apply:</P><P></P><P><STRONG style="font-size: 12pt; ">Federal Information Processing Standards Support:</STRONG></P><P></P><P>• To log into the firewall, the browser must be TLS 1.0 compatible.</P><P>• All passwords on the firewall must be at least six characters.</P><P>• Accounts are locked after the number of failed attempts that is configured on theDevice &gt; Setup &gt; Management page. If the firewall is not in FIPS mode, it can be configured so that it never locks out; however in FIPS mode, and lockout time is required.</P><P>• The firewall automatically determines the appropriate level of self-testing and enforces the appropriate level of strength in encryption algorithms and cipher suites.</P><P>• Non-FIPS approved algorithms are not decrypted and are thus ignored during decryption.</P><P>• When configuring IPSec, a subset of the normally available cipher suites is available.</P><P>• Self-generated and imported certificates must contain public keys that are 2048 bits (or more).</P><P>• The serial port is disabled.</P><P>• Telnet, TFTP, and HTTP management connections are unavailable.</P><P>• Surf control is not supported.</P><P>• High availability (HA) encryption is required.</P><P>• PAP authentication is disabled..</P><P><BR />Below is a Knowledgepoint Article regarding FIPS Mode:</P><P><BR /><A class="jive-link-external-small" href="https://live.paloaltonetworks.com/docs/DOC-1536">https://live.paloaltonetworks.com/docs/DOC-1536</A></P><P><BR />FIPS mode (enabling/details) can be referenced as well via your Admin Guide.</P><P><BR />Regards,</P><P><BR />Bryan</P></BODY></HTML> Mon, 04 Jul 2011 19:32:44 GMT https://live.paloaltonetworks.com/t5/general-topics/password-policy/m-p/22872#M16686 bryan 2011-07-04T19:32:44Z https://live.paloaltonetworks.com/t5/general-topics/password-policy/m-p/22873#M16687 <HTML><HEAD></HEAD><BODY><P>I'm trying to gather more info on the impacts of managing the devices in FIPS mode (beyond the admin guide)...I can't access the link about due to permissions errors.&nbsp; Is the doc-1536 still applicable?</P></BODY></HTML> Tue, 26 Jun 2012 19:23:16 GMT https://live.paloaltonetworks.com/t5/general-topics/password-policy/m-p/22873#M16687 chrisp 2012-06-26T19:23:16Z