joshiamarpreet
Explorer II
August 19, 2022
Solved

FIPS Mode FortiOS 7.0.0 and Above


Dear All,

We want to enable FIPS mode in FortiOS version 7 and above.

As per the details available till now, we found FIPS-CC mode, which gets enabled in FortiOS 6.2 and below after loading the FIPS-CC firmware onto the box and enabling it in the CLI.

 

In FortiOS 7 and above, we do see config system fips-cc but enabling the mode is disabled.

 

Please confirm whether Fortinet is no longer compliant with FIPS standards or, if it is, what the steps are to enable it.

 

Best answer by joshiamarpreet

So, Fortinet is still working on the latest versions of the FIPS-CC mode firmware images, and it will take time for the new OS to come.

Confirmed with TAC.

3 replies

vdralio
Staff
August 19, 2022

Hi @joshiamarpreet ,

 

Yes, you can use FIPS also for FortiOS 7.x.x

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-FIPS-CC-mode/ta-p/196629

 

Please be aware that if you enable or disable FIPS-CC mode, all of the existing configurations are lost.

Backup first: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/702257/configuration-backups

Then use the following guides to enable the feature:

https://docs.fortinet.com/document/fortimail/6.2.0/cli-reference/785841/fips
https://docs.fortinet.com/document/fortigate/6.2.1/cli-reference/97620/system-fips-cc
https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/118620/config-system-fips-cc

Then you would need to upload the backup to the FG:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-load-convert-a-FortiGate-configuration-file/ta-p/197247

If you want to disable it, you will need to restore the firmware default configuration using factoryreset.

 

Best Regards,

Vasil

joshiamarpreet
Explorer II
August 19, 2022

Dear @vdralio

We have already referred to the following link; it says only certain models/versions are FIPS-CC certified by the OEM.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-FIPS-CC-mode/ta-p/196629


On the firewall, it is not enabling FIPS mode in the factory-installed default OS.

 


 

Also, if we search the firmware images page on https://support.fortinet.com, FIPS-CC images are available till version 6.2 only.


 

Please guide us on how to enable it on ver 7.x.x and above. Is TAC required to intervene and provide some custom image for us?

vdralio
Staff
August 20, 2022

Dear @joshiamarpreet ,

 

I would then suggest continuing with the Support ticket; there you can get more information regarding the request and also help with the settings you need.

 

Best Regards,

Vasil Dralio

joshiamarpreet
Author, Answer
Explorer II
December 17, 2022

So, Fortinet is still working on the latest versions of the FIPS-CC mode firmware images, and it will take time for the new OS to come.

Confirmed with TAC.