How do I enable FIPS on SMA 1000 supported hardware?

Description

How to enable FIPS on SMA 1000 supported hardware.

Resolution

FIPS can be enabled on SMA hardware and virtual appliances that are certified and compliant with 12.4.x firmware.

Please refer to the supported FIPS-compliant SMA 1000 Series devices.

To enable FIPS, you will need to procure an additional license by contacting SonicWall Sales or SonicWall Customer Service (1-888-793-2830).

Once this service has been added to a specific serial number, you can import the license to the device or have the license synchronized using SonicWall License Manager.


Step 1:

Log in to Management Console - Licensing - Edit, import the license file, and apply pending changes.


Step 2:

After adding the license, you need to export all existing SSL certificates from the appliance (Workplace, custom FQDN and Management Console certificates) and remove any stored SSH keys. Enabling FIPS deletes all existing certificates, so exporting them first is recommended. Creating a backup of the current configuration before enabling FIPS on the device is also recommended.

Step 3:

To enable FIPS on the device, go to Management Console - General Settings - FIPS Security and select Edit.


Step 4:

Selecting the checkbox enables FIPS. Select Save and apply pending changes.


Step 5:

Before FIPS is enabled, the appliance recommends having all certificates backed up and any stored SSH keys removed. If they are already backed up, click Apply Pending Changes. This may take a few minutes.



Step 6:

Once FIPS is enabled, a welcome message is presented along with recommendations for the ciphers to enable.





Step 7:

After FIPS is enabled, you will see the Network tunnel service and the Webproxy service down due to missing certificates. Importing the SSL certificates will restore all services to normal.



Note:

  • Disabling FIPS will delete all existing SSL certificates on the device. Exporting the certificates and having a configuration backup is recommended.
  • Manual modification using the command line might leave the device in a bricked state.
  • CMS does support FIPS-enabled managed appliances.
  • Hardware appliances and virtual appliances can be enabled with FIPS, and they are certified.
