This option is available by enabling FIPS mode (FIPS 140-2) on the FW, though the following options will also apply:
Federal Information Processing Standards Support:
• To log into the firewall, the browser must be TLS 1.0 compatible.
• All passwords on the firewall must be at least six characters.
• Accounts are locked after the number of failed attempts that is configured on theDevice > Setup > Management page. If the firewall is not in FIPS mode, it can be configured so that it never locks out; however in FIPS mode, and lockout time is required.
• The firewall automatically determines the appropriate level of self-testing and enforces the appropriate level of strength in encryption algorithms and cipher suites.
• Non-FIPS approved algorithms are not decrypted and are thus ignored during decryption.
• When configuring IPSec, a subset of the normally available cipher suites is available.
• Self-generated and imported certificates must contain public keys that are 2048 bits (or more).
• The serial port is disabled.
• Telnet, TFTP, and HTTP management connections are unavailable.
• Surf control is not supported.
• High availability (HA) encryption is required.
• PAP authentication is disabled..
Below is a Knowledgepoint Article regarding FIPS Mode:
FIPS mode (enabling/details) can be referenced as well via your Admin Guide.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!