Technical Tip: Predefined security profiles, profile group, and firewall policies created after enabling FIPS-CC mode

After enabling FIPS-CC mode (see Technical Tip: How to enable FIPS-CC mode), the FortiGate automatically creates a 'FIPS-CC' UTM profile for each security profile, except for Video Filter, File Filter, Virtual Patching, and CASB.

In addition, FortiOS generates a profile group named 'FIPS-CC', which references all the individual FIPS-CC security profiles created.

By default, the profile group is hidden in the GUI. To display it, run the following commands:

Furthermore, the FortiGate automatically creates six policies with the action set to 'Deny', as shown below:

Related articles:

• Technical Tip: How to Verify if a FortiOS FIPS-CC Image is Certified or Patched
  
• Technical Tip: Understanding FIPS 140-2 Compliance for FortiGate, FIPS-CC and Special Build
• Technical Tip: FortiOS FIPS Resource List
• Technical Tip: Extended Support for v7.0 FIPS-CC Certified/CVE-Patched Firmware 
• Technical Tip: Upgrading FortiOS Firmware when FIPS-CC is enabled