FortiGate
pjang
Staff
Article Id 363571
Description

This article provides a list of resources and links on Federal Information Processing Standards (FIPS) support in FortiGate/FortiOS: FIPS 140-2/140-3 validation and FIPS-CC mode (FIPS together with Common Criteria).

Scope

FortiGate, FIPS.

Solution
FIPS-related Knowledge Base Articles

Title and Links / Description

Technical Tip: How to enable FIPS-CC mode

Enabling FIPS-CC mode on a FortiGate for the first time.

Technical Tip: Enabling FIPS-Ciphers mode on FortiGate-VM deployed in AWS

Enabling FIPS-Ciphers mode on cloud-based FortiGate-VMs (a restricted mode that only enforces cipher restrictions and is not equivalent to full FIPS-CC mode).

Technical Tip: Getting Started with FIPS-CC enabled

Initial tips for getting started with FIPS-CC mode, including the expected behavior that interfaces are administratively down by default.

Technical Tip: Upgrading FortiOS Firmware when FIPS-CC is enabled

Information on the different types of FortiOS firmware that can be used (GA, FIPS Certified, and CVE-Patched) as well as guidance on performing firmware upgrades while in FIPS-CC mode.

Technical Tip: How to Verify if a FortiOS FIPS-CC Image is Certified or Patched

Guidance for finding, verifying, and obtaining the latest available FIPS Certified and CVE-Patched firmware builds for FortiOS.

Technical Tip: Non-FIPS FortiSwitches are offline when managed by FortiGate configured in FIPS-CC m...

Known behavior: FortiSwitches that are not FIPS-enabled show as offline when managed by a FortiGate in FIPS-CC mode.

Troubleshooting Tip: Unable to delete firewall policies with ID 5 or 6 in FIPS-CC Mode

Known issue affecting certain firewall policies when upgrading from FortiOS 6.2 to 6.4 while FIPS-CC mode is enabled.

Troubleshooting Tip: Cipher suites and TLS version are not supported by virtual servers in FIPS-CC ...

Known issue where certain cipher suites and TLS versions are not supported by virtual servers on FIPS-enabled FortiGates.

Troubleshooting Tip: Fixing the error 'Basic constraints is absent for CA/LOCAL/REMOTE cert'

Expected behavior: FIPS-enabled FortiGates refuse to import certificates that lack the Basic Constraints extension. This is particularly relevant for SAML, since many IdPs sign SAML assertions with certificates that do not carry Basic Constraints.
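To catch this before an import fails, the following added example (not code from the Fortinet KB article or from FortiOS) walks a certificate's DER structure with only the Python standard library and reports whether the Basic Constraints extension (OID 2.5.29.19) is present and what it asserts. The certificate it checks is constructed inline by hypothetical helpers (`constructed_cert`, `basic_constraints_ext`, `KEY_USAGE_EXT`): it is unsigned, uses placeholder key bits, and merely stands in for an IdP signing certificate, so it is not real Fortinet or IdP data. A PEM taken from an IdP's SAML metadata can be passed to `check_pem` the same way.

```python
"""Added example (not Fortinet/FortiOS code): a standard-library DER walker that reports
whether an X.509 certificate carries Basic Constraints (OID 2.5.29.19), the extension a
FIPS-CC FortiGate requires at import. The test certificate below is constructed in this
file (unsigned, placeholder key bits) and is not real IdP data."""
import base64
import re

BASIC_CONSTRAINTS_OID = bytes.fromhex("551d13")   # id-ce-basicConstraints

def read_tlv(buf: bytes, pos: int):
    """Decode the DER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(buf: bytes):
    """Yield (tag, value) for every TLV directly inside a constructed value."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value

def pem_to_der(pem: str) -> bytes:
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))

def basic_constraints(der: bytes):
    """None if the extension is absent, else {'critical': bool, 'ca': bool}."""
    tag, cert, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, tbs, _ = read_tlv(cert, 0)                  # tbsCertificate is the first field
    for tag, value in children(tbs):
        if tag != 0xA3:                            # extensions are [3] EXPLICIT (v3 only)
            continue
        _, ext_list, _ = read_tlv(value, 0)        # unwrap to SEQUENCE OF Extension
        for _, ext in children(ext_list):
            fields = list(children(ext))           # OID, [critical BOOLEAN], OCTET STRING
            if fields[0][1] != BASIC_CONSTRAINTS_OID:
                continue
            critical = len(fields) == 3 and fields[1][1] != b"\x00"
            _, bc, _ = read_tlv(fields[-1][1], 0)  # OCTET STRING wraps the BasicConstraints SEQUENCE
            ca = any(t == 0x01 and v != b"\x00" for t, v in children(bc))
            return {"critical": critical, "ca": ca}
    return None                                    # v1 cert, or no extension with this OID

def check_pem(pem: str) -> str:
    """Verdict in the spirit of the FortiGate check; the wording is this example's, not FortiOS's."""
    bc = basic_constraints(pem_to_der(pem))
    if bc is None:
        return "REJECT: Basic Constraints is absent; have the certificate re-issued with it"
    return f"OK: Basic Constraints present (CA={bc['ca']}, critical={bc['critical']})"

# ---- constructed test input: hypothetical helpers, not real Fortinet or IdP data ----
def tlv(tag: int, payload: bytes) -> bytes:
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload

def extension(oid_hex: str, value: bytes, critical: bool = False) -> bytes:
    body = tlv(0x06, bytes.fromhex(oid_hex)) + (tlv(0x01, b"\xff") if critical else b"")
    return tlv(0x30, body + tlv(0x04, value))

def basic_constraints_ext(ca: bool, critical: bool = True) -> bytes:
    return extension("551d13", tlv(0x30, tlv(0x01, b"\xff") if ca else b""), critical)

KEY_USAGE_EXT = extension("551d0f", tlv(0x03, b"\x05\xa0"))   # digitalSignature, keyEncipherment

def constructed_cert(extensions: list) -> bytes:
    """Structurally valid v3 Certificate with a dummy key and signature, for testing only."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))  # sha256WithRSA
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"Test IdP"))))
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"340101000000Z"))
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" * 33))
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg + name + validity + name + spki
    if extensions:
        tbs += tlv(0xA3, tlv(0x30, b"".join(extensions)))
    return tlv(0x30, tlv(0x30, tbs) + alg + tlv(0x03, b"\x00" * 33))

def der_to_pem(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    # Typical SAML IdP signing cert: keyUsage only, no Basic Constraints -> rejected
    print(check_pem(der_to_pem(constructed_cert([KEY_USAGE_EXT]))))
    # Same cert re-issued with basicConstraints present -> passes this check
    print(check_pem(der_to_pem(constructed_cert([basic_constraints_ext(False), KEY_USAGE_EXT]))))
```

A REJECT result means the fix belongs on the issuing side: have the IdP (or its CA) re-issue the signing certificate with Basic Constraints present, then import it on the FortiGate. The walker deliberately stops at the extension's presence and its CA/critical flags; it does not validate signatures or other extensions.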

 

FIPS-related External Resources

Title and Links / Description

NIST Cryptographic Module Validation Program (CMVP) Validated Modules

Link to the NIST CMVP database containing all validated modules (the link is preconfigured to search for all modules belonging to Vendor: Fortinet).

OpenSSL FIPS provider installed globally at startup (FortiOS 7.6.0 New Features)

New feature in FortiOS 7.6.0: the OpenSSL FIPS provider is loaded globally at startup, so any OpenSSL-based application within FortiOS is automatically FIPS-compliant.

FIPS cipher mode for AWS, Azure, OCI, and GCP FortiGate-VMs

Administration Guide section on FIPS-Ciphers mode, a restricted mode available only on cloud-based FortiGate-VMs (AWS, Azure, OCI, GCP) that enforces FIPS cipher restrictions without the full FIPS-CC mode. See also the FIPS-Ciphers KB article in the table above.

FIPS 140-2 Non-Proprietary Security Policy Document (FortiOS 6.4/7.0)

FIPS Security Policy documentation (available on NIST CMVP) describing how FortiOS 6.4 and 7.0 meet the FIPS 140-2 security requirements and how to operate the modules in a FIPS-compliant manner.

FIPS 140-2 Non-Proprietary Security Policy Document (FortiOS 6.2)

FIPS Security Policy documentation (available on NIST CMVP) describing how FortiOS 6.2 meets the FIPS 140-2 security requirements and how to operate the modules in a FIPS-compliant manner.