Dear All,
We want to enable FIPS mode in FortiOS version 7 and above.
As per the details available so far, we found FIPS-CC mode, which gets enabled in FortiOS 6.2 and below
after loading FIPS-CC firmware onto the box and enabling it in the CLI.
In FortiOS 7 and above, we do see config system fips-cc, but enabling the mode is disabled.
Please confirm whether Fortinet is no longer compliant with FIPS standards or, if it is, what the steps to enable it are.
Hi @joshiamarpreet ,
Yes, you can also use FIPS for FortiOS 7.x.x.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-FIPS-CC-mode/ta-p/196629
Please be aware that if you enable or disable FIPS-CC mode, all of the existing configurations are lost.
Backup first: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/702257/configuration-backups
Then use the next guides to enable the feature:
https://docs.fortinet.com/document/fortimail/6.2.0/cli-reference/785841/fips
https://docs.fortinet.com/document/fortigate/6.2.1/cli-reference/97620/system-fips-cc
https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/118620/config-system-fips-cc
Then you would need to upload the backup to the FG:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-load-convert-a-FortiGate-configurat...
If you want to disable it, you will need to restore the firmware default configuration using factoryreset.
Best Regards,
Vasil
Dear @vdralio,
We already referred to the following link; it says only certain models/versions are FIPS-CC certified by the OEM.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-FIPS-CC-mode/ta-p/196629
On the firewall, it is not enabling FIPS mode in the factory-installed default OS.
Also, if we search the firmware images page at https://support.fortinet.com, FIPS-CC images are available up to version 6.2 only.
Please guide us on how to enable it on ver 7.x.x and above. Is TAC required to intervene and provide some custom image for us?
Dear @joshiamarpreet ,
I would suggest continuing with the Support ticket then; there you can get more information regarding the request and also help with the settings you need.
Best Regards,
Vasil Dralio
So, Fortinet is still working on the latest versions of FIPS-CC mode firmware images, and it will take time for the new OS to come.
Confirmed with TAC.