lrpage
New Member
July 25, 2017
Question

enable fips-cc

We just purchased a new FortiGate 60E and 80E. Both came preinstalled with 5.4.3.

The first thing I want/need to do is enable fips-cc. I looked it up in the CLI guide and found:

system/fips-cc CLI Syntax

    config system fips-cc
        edit <name_str>
        set status {enable | disable}
        set entropy-token {enable | disable | dynamic}
        set error-flag {error-mode | exit-ready}
        set error-cause {none | memory | disk | syslog}
        set self-test-period <integer>
        set key-generation-self-test {enable | disable}

Great, I have all that I need.

    config system fips-cc

No issues, but the only command that does anything after that is

    set entropy-token {enable | disable | dynamic}

I cannot actually enable FIPS. If I try

    set status enable

I get

    command parse error before 'status'
    command fail. return code -61

I have enabled FIPS on a 300D running 5.2.x a few years ago and again on a 200D about 6 months ago (also running 5.2.x).

Not sure what to do next.

    2 replies

    emnoc
    New Member
    July 25, 2017

    Can you change the FortiOS version?

    bommi
    New Member
    July 25, 2017

    Hi,

    I only found FortiOS 5.2.7 to be FIPS certified.

    The documentation says that FortiOS 5.4.2 is in evaluation for a FIPS certification:

    http://help.fortinet.com/...FOS/Certifications.htm

    The lowest FortiOS version for the E-Series is 5.4.0, so you can't use them if FIPS certification is required.

    Regards

    bommi

    lrpage
    Author
    New Member
    July 25, 2017

    Right now FIPS certification is not needed. But I would like to have FIPS enabled because at some point in the future it will be required. Easier to enable now than later.

    ipns
    New Member
    July 26, 2017

    Didn't you forget

    edit <name_str>

    lrpage
    Author
    New Member
    July 26, 2017

    After

        config system fips-cc

    I tried

        edit

    Regardless of what I type in after edit, I get

        unknown action 0

    bommi
    New Member
    July 26, 2017

    From my understanding you need a fips-cc enabled build of FortiOS to be able to use these commands.

    Regards

    bommi