We want to enable FIPS mode in FortiOS 7 version and above.
As per details available till now, we found FIPS-CC mode which gets enabled in FortiOS 6.2 and below;
post loading FIPS-CC firmware over the box and enabling it in CLI.
In FortiOS 7 and above, we do see config system fips-cc but enabling the mode is disabled.
Please confirm if Fortinet does not compliant now with FIPS standards or if it does, then what are the steps to enable it?
Hi @joshiamarpreet ,
Yes, you can use FIPS also for FortiOS 7.x.x
Please be aware that if you enable or disable FIPS-CC mode, all of the existing configurations are lost.Backup first: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/702257/configuration-backupsThen use the next guides to enable the feature:https://docs.fortinet.com/document/fortimail/6.2.0/cli-reference/785841/fipshttps://docs.fortinet.com/document/fortigate/6.2.1/cli-reference/97620/system-fips-cchttps://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/118620/config-system-fips-ccThen you would need to upload the backup to the FG:https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-load-convert-a-FortiGate-configurat...If you want to disable you will need to restore the firmware default configuration using factoryreset.
Following link we referred already, it says only certain models/ version are FIPS-CC certified by OEM.
On firewall it is not enabling FIPS mode in factory installed default OS.
Also if we search firmware images page over https://support.fortinet.com, FIPS-CC images are available till version 6.2 only.
Please guide on how to enable it on ver 7.x.x and above. Is TAC required to intervene and provide some custom image for us?
Dear @joshiamarpreet ,
I will suggest then continuing with the Support ticket there you can get more information regarding the request and also help you with the settings you need.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2022 Fortinet, Inc. All Rights Reserved.