How do I enable FIPS on SMA 1000 supported hardware?
03/26/2020
How to Enable FIPS on SMA 1000 Supported Hardware.
FIPS can be enabled on SMA hardware platforms that are certified and compliant. Please refer to the supported FIPS-compliant SMA 1000 Series devices.
To enable FIPS, you will need to procure an additional license by contacting SonicWall Sales or SonicWall Customer Service (1-888-793-2830).
Once this service has been added to a specific serial number, you can import the license to the device or have it synchronized using SonicWall License Manager.
Log in to Management Console > Licensing > Edit, import the license file, and apply Pending Changes.
After adding the license, export all existing SSL certificates (Workplace, custom FQDN, and Management Console certificates) from the appliance, and remove any stored SSH keys. Enabling FIPS deletes all existing certificates, so exporting them first is recommended. Creating a backup of the current configuration before enabling FIPS on the device is also recommended.
How to enable FIPS on the device: Management Console > General Settings > FIPS Security, then select Edit.
Selecting the checkbox enables FIPS. Select Save and apply Pending Changes.
Before FIPS is enabled, the appliance recommends backing up all certificates and removing any stored SSH keys. If they are already backed up, click Apply Pending Changes. This may take a few minutes.
Once FIPS is enabled, a welcome message is shown along with the recommended ciphers to enable.
After FIPS is enabled, the Network Tunnel Service and the Web Proxy Service will show as down because of the missing certificates. Importing the SSL certificates restores all services to normal.
- Disabling FIPS will delete all existing SSL certificates on the device. Exporting the certificates and taking a configuration backup is recommended.
- Manual modification using the command line might leave the device in a bricked state.
- CMS does support FIPS-enabled managed appliances.
- FIPS can be enabled on virtual appliances, but they do not comply with FIPS certification.
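
Because enabling or disabling FIPS deletes every certificate on the appliance, it helps to confirm that each exported backup can actually be re-imported before applying the change. The script below is an added example, not SonicWall code; it runs on an admin workstation (never on the appliance) and assumes the exports are PKCS#12 files, that `openssl` is installed, and that the export password is held in a hypothetical `P12_PASS` environment variable. The function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of exported certificate backups.
# Assumptions: backups are PKCS#12 files; the export password is supplied in
# the P12_PASS environment variable so it does not appear in the process list.

# check_p12 FILE: returns 0 only if the backup can be re-imported as-is.
check_p12() {
    local file=$1 cert cert_pub key_pub fp
    # Verify the MAC only; fails on a wrong password or a corrupt file.
    openssl pkcs12 -in "$file" -passin env:P12_PASS -noout 2>/dev/null \
        || { echo "FAIL  $file: cannot open (wrong password or corrupt file)"; return 1; }
    # Derive the public key from the stored private key; the key is piped
    # between processes and never written to disk.
    key_pub=$(openssl pkcs12 -in "$file" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null) \
        || { echo "FAIL  $file: no private key in backup"; return 1; }
    # End-entity certificate only (-clcerts), without any CA chain.
    cert=$(openssl pkcs12 -in "$file" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null)
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null) \
        || { echo "FAIL  $file: no certificate paired with the key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "FAIL  $file: private key does not match certificate"; return 1; }
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null \
        || { echo "FAIL  $file: certificate has expired"; return 1; }
    # Fingerprint to compare with what the appliance serves after re-import.
    fp=$(printf '%s\n' "$cert" | openssl x509 -noout -fingerprint -sha256)
    echo "OK    $file: ${fp#*=}"
}

# check_all FILE...: checks every backup, returns non-zero if any one fails.
check_all() {
    local rc=0 f
    for f in "$@"; do check_p12 "$f" || rc=1; done
    return "$rc"
}

# Stand-alone use: P12_PASS=... ./check_backups.sh /path/to/exports/*.p12
if [ "$#" -gt 0 ]; then check_all "$@"; fi
```

Keep the printed SHA-256 fingerprints with the configuration backup; after the certificates are re-imported, they identify which certificate belongs to which service.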