Technical Tip: REST API admin account option is not available for if FIPS-CC mode

Mrinmoy · ‎01-05-2023

Description

This article describes that REST API admin account option is not available for FIPS-CC mode.

Scope

FortiGate v6.0 or above.

Solution

By design REST api-user for FIPS-CC is disabled.

To Verify whether FIPS mode is enabled or not:

# get system status
Version: FortiGate-VM64-KVM v7.0.6,build0366,220606 (GA.F)
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 6.00741(2015-12-01 02:30)
APP-DB: 6.00741(2015-12-01 02:30)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
Serial-Number: FGVM02TM22000832
License Status: Warning
VM Resources: 1 CPU/2 allowed, 2007 MB RAM
Log hard disk: Available
Hostname: FortiGate-VM64-KVM
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: enable <----- FIPS is enabled.
Current HA mode: standalone
Branch point: 0366
Release Version Information: GA
FortiOS x86-64: Yes
System time: Wed Aug 31 03:49:35 2022
Last reboot reason: warm reboot

Related documents:

https://docs.fortinet.com/document/fortigate/6.4.11/administration-guide/399023/rest-api-administrat...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-FIPS-CC-mode/ta-p/196629

https://mantis.fortinet.com/bug_view_page.php?bug_id=0438912