Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: FortiOS FIPS Resource List
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
pjang
Staff & Editor
Created on
12-09-2024
10:07 PM
Edited on
05-14-2025
12:14 AM
By
Jean-Philippe_P
Article Id
363571
Description
This article provides a list of resources/links regarding Federal Information Processing Standards (FIPS) support with the FortiGate/FortiOS (aka FIPS 140-2/140-3 and FIPS-CC, or Common Criteria).
Scope
FortiGate, FIPS.
Solution
| FIPS-related Knowledge Base Articles |
| Title and Links | Description |
| Technical Tip: How to enable FIPS-CC mode | Enabling FIPS-CC mode on a FortiGate for the first time. |
| Technical Tip: Enabling FIPS-Ciphers mode on FortiGate-VM deployed in AWS | Enabling FIPS Ciphers mode on cloud-based FortiGate-VMs (a subset mode that is not equivalent to FIPS-CC mode and only enforces encryption cipher restrictions). |
| Technical Tip: Getting Started with FIPS-CC enabled | Initial tips for getting started with FIPS-CC mode, including an expected-behavior where interfaces are administratively-down by default. |
|
Technical Tip: Upgrading FortiOS Firmware when FIPS-CC is enabled |
Information on the different types of FortiOS firmware that can be used (GA, FIPS Certified, and CVE-Patched) as well as guidance on performing firmware upgrades while in FIPS-CC mode. |
|
Technical Tip: How to Verify if a FortiOS FIPS-CC Image is Certified or Patched |
Guidance for finding, verifying, and obtaining the latest available FIPS Certified and CVE-Patched firmware builds for FortiOS. |
|
Technical Tip: FIPS 140-2 Tamper Evident Seals for the FortiGate |
Notes regarding tamper evident seals required on hardware FortiGates for FIPS 140-2/140-3 Level 2 compliance. |
|
Known-behavior when managing non-FIPS enabled FortiSwitches with FIPS-enabled FortiGates. |
|
|
Troubleshooting Tip: Unable to delete firewall policies with ID 5 or 6 in FIPS-CC Mode |
Known-issue affecting certain Firewall Policies when upgrading from FortiOS 6.2 to 6.4 while FIPS-CC mode is enabled |
|
Known-issue where certain encryption ciphers do not work when used with Virtual Servers on FIPS-enabled FortiGates. |
|
|
Known-behavior where FIPS-enabled FortiGates cannot import certificates if the Root/Intermediate CA certificates are not installed first. |
|
|
Known-behavior where FIPS enabled FortiGates cannot import remote certificates from SAML IdPs (i.e. used for signing SAML assertions) if they are missing the Basic Constraints extension. |
|
|
Troubleshooting Tip: Fixing the error 'Basic constraints is absent for CA/LOCAL/REMOTE cert' |
Expected behavior where FIPS-enabled FortiGates cannot import local certificates that are missing the Basic Constraints extension. |
|
Technical Tip: FIPS-CC enabled FortiGates do not support the private-data-encryption feature |
Expected behavior where FIPS-enabled FortiGates do not support the private-data-encryption feature. |
| FIPS-related External Resources |
| Title and Links | Description |
| Official Fortinet page regarding FIPS 140-2 and 140-3 certification, including the lists of products and firmware that is certified and links to their Security Policies/documentation. | |
|
NIST Cryptographic Module Validation Program (CMVP) Validated Modules |
Link to the NIST CMVP database containing all validated modules (the link is preconfigured to search for all modules belonging to Vendor: Fortinet). |
|
OpenSSL FIPS provider installed globally at startup (FortiOS 7.6.0 New Features) |
New Feature in FortiOS 7.6.0 regarding OpenSSL FIPS Provider (ensures that any OpenSSL application within FortiOS is automatically complaint with FIPS regulations). |
| Administration Guide section regarding FIPS Ciphers mode, a unique sub-mode of FIPS-CC available for cloud-based FortiGate-VMs only (AWS, Azure, OCI, GCP). See also the FIPS-Ciphers KB article in above table. | |
|
FIPS 140-2 Non-Proprietary Security Policy Document (FortiOS 6.4/7.0) |
FIPS Security Policy documentation (available on NIST CMVP) describing how FortiOS 6.4/7.0 meet FIPS 140-2 security requirements, as well as how to operate the modules in a FIPS compliant manner. |
|
FIPS 140-2 Non-Proprietary Security Policy Document (FortiOS 6.2) |
FIPS Security Policy documentation (available on NIST CMVP) describing how FortiOS 6.2 meets FIPS 140-2 security requirements, as well as how to operate the modules in a FIPS compliant manner. |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.