We just purchased an new fortigate 60e and 80e. Both came preinstalled with 5.4.3
The first thing i want/need to do is enable fips-cc. Looked it up in the CLI guide and found
system/fips-cc CLI Syntax config system fips-cc edit <name_str> set status {enable | disable} set entropy-token {enable | disable | dynamic} set error-flag {error-mode | exit-ready} set error-cause {none | memory | disk | syslog} set self-test-period <integer> set key-generation-self-test {enable | disable} Great i have all that i need config system fips-cc no issues but the only command that does anything after that is set entropy-token {enable | disable | dynamic} i cannot actually enable fips if i try set status enable i get command parse error before 'status' command fail. return code -61 I have enabled fips on a 300d running 5.2.x a few years ago and again on a 200d about 6 months ago (also running 5.2.x) not sure what to do next
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Can you change the fortiOS version?
PCNSE
NSE
StrongSwan
Hi,
I only found FortiOS 5.2.7 to be fips certified.
The documentation says that FortiOS 5.4.2 is in evaluation for an fips certification:
http://help.fortinet.com/...FOS/Certifications.htm
The lowest FortiOS version for the E-Series is 5.4.0, so you cant use them if fips certification is required.
Regards
bommi
NSE 4/5/7
Right now fips certification is not needed. But i would like to have fips enabled because at some point in the future it will be required. Easier to enable now than later.
they came preinstalled with 5.4.3 i upgraded one to 5.4.5
i cannot back rev to 5.2 because they are the E models and they do not have a 5.2 for those.
I have not tried 5.6 yet
Didn't you forget
edit <name_str>
Kind Regards,
IPNS
after
config system fips-cc
I tried
edit
regardless of what i type in after edit i get
unknown action 0
From my understanding you need an fips-cc enabled build of fortios to be able to use this commands.
Regards
bommi
NSE 4/5/7
I agree it needs to be a fips enabled fortios to enable fips.
And that is my frustration
http://docs.fortinet.com/...rtigate-cli-ref-54.pdf page 508 describes the cli for it
basically the manual for my version of the software gives very clear instructions of what i need to do. If I could find a document that says except for these versions or these models then I would let it go. But all I can find is instructions on how to do this.
and yes the link is for 4.5.1 and on one unit I did down grade to 4.5.1 just to see if it worked.
That correct you need a FIPS-enabled image, login into fortinet support FIPS_CC certified images and find one if available for that hardware.
http://socpuppet.blogspot...igate-firewall-by.html
and read the following ( search for fortinet )
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm
remember not all FGT are FIPS certified since it cost FTNT to get that endorsement
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.