pjang
Staff & Editor
Article Id 363571
Description

 

This article lists Knowledge Base (KB) articles and external documentation on Federal Information Processing Standards (FIPS) support on FortiGate/FortiOS (also known as FIPS 140-2/140-3 and FIPS-CC, or Common Criteria).

 

Scope

 

FortiGate, FIPS.

 

Solution

 

Important (2025-10-08): refer to the following KB article regarding extended technical support for the FortiOS 7.0 FIPS-CC Certified firmware branch: Technical Tip: Extended Support for v7.0 FIPS-CC Certified/CVE-Patched Firmware.

 

FIPS First-Time Setup KB Articles
Title and Links Description
Technical Tip: How to enable FIPS-CC mode

Enabling FIPS-CC mode on a FortiGate for the first time.

Technical Tip: Enabling FIPS-Ciphers mode on FortiGate-VM deployed in AWS

Enabling FIPS Ciphers mode on cloud-based FortiGate-VMs (a subset mode that is not equivalent to FIPS-CC mode and only enforces encryption cipher restrictions).

Technical Tip: Getting Started with FIPS-CC enabled

Initial tips for getting started with FIPS-CC mode, including an expected behavior where interfaces are administratively down by default.

Technical Tip: Upgrading FortiOS Firmware when FIPS-CC is enabled

Information on the different types of FortiOS firmware that can be used (GA, FIPS Certified, and CVE-Patched) as well as guidance on performing firmware upgrades while in FIPS-CC mode.

Technical Tip: How to Verify if a FortiOS FIPS-CC Image is Certified or Patched

Guidance for finding, verifying, and obtaining the latest available FIPS Certified and CVE-Patched firmware builds for FortiOS.

Technical Tip: Understanding FIPS 140-2 Compliance for FortiGate, FIPS-CC and Special Build

This article explains how to determine if a FortiGate device meets FIPS 140-2 standards and the importance of using NIST-approved encryption and authentication algorithms.

Technical Tip: FIPS 140-2 Tamper Evident Seals for the FortiGate

Notes regarding tamper-evident seals required on hardware FortiGates for FIPS 140-2/140-3 Level 2 compliance.

 

FIPS Known-Issues/Expected Behaviors KB Articles
Title and Links Description

Technical Tip: Non-FIPS FortiSwitches are offline when managed by FortiGate configured in FIPS-CC m...

Known behavior when managing non-FIPS-enabled FortiSwitches with FIPS-enabled FortiGates.

Troubleshooting Tip: Unable to delete firewall policies with ID 5 or 6 in FIPS-CC Mode

Known issue affecting certain firewall policies when upgrading from v6.2 to v6.4 while FIPS-CC mode is enabled.

Troubleshooting Tip: Cipher suites and TLS version are not supported by virtual servers in FIPS-CC ...

Known issue where certain encryption ciphers do not work when used with Virtual Servers on FIPS-enabled FortiGates.

Technical Tip: FortiGate in FIPS-CC mode cannot import certificate if root/intermediate CA certific...

Known behavior where FIPS-enabled FortiGates cannot import certificates if the Root/Intermediate CA certificates are not installed first.

Technical Tip: Unable to import remote certificate to FIPS-CC enabled FortiGate for SAML authentica...

Known behavior where FIPS-enabled FortiGates cannot import remote certificates from SAML IdPs (i.e., used for signing SAML assertions) if they are missing the Basic Constraints extension.

Troubleshooting Tip: Fixing the error 'Basic constraints is absent for CA/LOCAL/REMOTE cert'

Expected behavior where FIPS-enabled FortiGates cannot import local certificates that are missing the Basic Constraints extension.

Technical Tip: FortiGate is not able to send logs to FortiAnalyzer with FIPS -CC mode enabled in ver...

This article provides steps to resolve fatal errors that appear in OFTP debugs on FortiGate with v7.2.5.

Technical Tip: FIPS-CC enabled FortiGates do not support the private-data-encryption feature

Expected behavior where FIPS-enabled FortiGates do not support the private-data-encryption feature.

Technical Tip: FortiGate FIPS-CC mode no longer supports standard RADIUS, use RADSEC instead (Expec...

Expected behavior where the FIPS Certified/Candidate builds for FortiOS v7.2, v7.4, and later no longer support unprotected RADIUS authentication (new limitation from FIPS 140-3).

Technical Tip: FortiGate FIPS-CC mode no longer supports DH Groups 1, 2, or 5 for IPsec, causes IKE...

Expected behavior where the FIPS Certified/Candidate builds for FortiOS v7.2, v7.4, and later no longer support DH Group 1, 2, or 5 (new limitation from FIPS 140-3), as well as an explanation and solution for IKEd Signal 6 crashes that can occur post-upgrade.

Technical Tip: FIPS Certified/CVE-Patched Firmware shows GUI warnings regarding Special Technical S...

Expected behavior where the FIPS Certified/Candidate builds for FortiOS v7.4 and later versions now display a warning regarding Special Technical Support (STS) firmware.

 

FIPS-Related External Resources
Title and Links Description

Fortinet - Federal Information Processing Standards

Official Fortinet page regarding FIPS 140-2 and 140-3 certification, including the lists of products and firmware that are certified and links to their Security Policies/documentation.

NIST Cryptographic Module Validation Program (CMVP) Validated Modules

Link to the NIST CMVP database containing all validated modules (the link is preconfigured to search for all modules belonging to Vendor: Fortinet).

OpenSSL FIPS provider installed globally at startup (FortiOS 7.6.0 New Features)

New feature in FortiOS v7.6.0 regarding the OpenSSL FIPS Provider (ensures that any OpenSSL application within FortiOS is automatically compliant with FIPS regulations).

FIPS cipher mode for AWS, Azure, OCI, and GCP FortiGate-VMs

Administration Guide section regarding FIPS Ciphers mode, a unique sub-mode of FIPS-CC available for cloud-based FortiGate-VMs only (AWS, Azure, OCI, GCP). See also the FIPS-Ciphers KB article in the above table.

FIPS 140-2 Non-Proprietary Security Policy Document (FortiOS 6.4/7.0)

FIPS Security Policy documentation (available on NIST CMVP) describing how FortiOS v6.4/v7.0 meets FIPS 140-2 security requirements, as well as how to operate the modules in a FIPS-compliant manner.

FIPS 140-2 Non-Proprietary Security Policy Document (FortiOS 6.2)

FIPS Security Policy documentation (available on NIST CMVP) describing how FortiOS 6.2 meets FIPS 140-2 security requirements, as well as how to operate the modules in a FIPS-compliant manner.