Secure Mobile Access 12.4 Administration Guide

FIPS Violations

Your appliance validates its integrity several ways:

  • A self test is performed at each power-on cycle to verify all FIPS approved cryptographic algorithms are functioning properly. If any of the self tests fail, the Alarm LED on the front panel will remain lit, a message detailing the specific failure will be displayed on the serial console and logged in /var/log/aventail/fips.log, and the appliance will be halted. You should power-cycle the appliance once to see if it recovers. If it does not, you will need to contact SonicWall Customer Support for further instructions.
  • A continuous self test is performed on the random number generator and on the generation of new Certificate keys to verify the integrity of cryptographic operations. If any of these self tests fail, a message detailing the specific failure will be displayed on the serial console and logged in /var/log/aventail/fips.log, and the appliance will be immediately power-cycled via a reboot in order to perform the rigorous self-tests for system integrity.
  • All critical security binaries are signed and hashed. Alterations to any of these binaries will be detected at each reboot and immediately on a running system. If this occurs during the power-cycle self tests, the Alarm LED on the front panel will remain lit, a message detailing the specific tampering will be displayed on the serial console and logged in /var/log/aventail/fips.log, the system will be halted and you will need to contact SonicWall Customer Support for further instructions. If this tampering is detected on a running system, the appliance will be immediately power-cycled via a reboot in order to perform the rigorous self-tests for system integrity.
  • All critical security configuration files are signed and hashed. Manual alterations (as opposed to alterations made using the AMC) to any of the configuration files will cause the appliance to immediately transition into an error state. If this tampering is detected on a running system, the appliance will be immediately power-cycled via a reboot in order to perform the rigorous self-tests for system integrity. Otherwise, if it is detected during power-cycle self-tests, a message detailing the specific tampering will be displayed on the serial console and logged in /var/log/aventail/fips.log, the Test LED on the front panel remain lit and the system will be placed in single user mode with networking disabled. The primary administrator will need to log in via the serial console and restore tampered configuration files with valid backup copies or perform a configuration reset prior to power-cycling the appliance.
  • Firmware upgrade files are signed and hashed. If an upgrade file fails its integrity check, the upgrade process is aborted without making any state changes to the appliance, a message detailing the failure is displayed on the AMC Web page, and the appliance remains fully functional.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.