• Secure Mobile Access 12.4
• About This Guide
• CMS Configuration
  • Introduction to CMS
    • Overview
    • CMS Deployment Options
    • What’s New in This Release
      • Global Policy Settings
      • CMS Alerts Logging
    • Central Management Server
    • Central Management Console
    • Managed Appliances
    • Licensing CMS
    • Central User Licenses
    • Global Traffic Optimizer
    • FIPS and CMS
    • Getting Started in Five Steps
  • Installing and Configuring the Central Management Server
    • Overview
    • Kernel based Virtual Machine
    • Supported Platforms for CMS with Global HA
    • Hardware Resource Requirements
    • Installation Files
    • Setting Up a CMS
  • Configuring Appliances for Central Management
    • Overview
    • Firmware Compatibility with the CMS
    • Enabling Central Management on SMA Appliance
    • Registering an SMA Appliance with the CMS
    • Previously Configured Appliances
  • Using the Management Console Menus
    • Overview
    • Dashboard
      • Alerts
      • Appliances Pane
      • Appliance Load
      • Central License Usage Pane
      • About Pane
    • Management Server
      • Alerts
        • View Alerts
        • Configure Alerts
        • Notification
      • Configure
        • Central Management Settings
        • CMS Address Pool
        • Licensing
        • Administrators
          • General Settings
        • Network Settings
        • SSL Settings
        • Services
          • Manage SSH settings from CMS
      • Monitor
        • Configure the logging setting for Managed appliances
      • Maintain
    • Managed Appliances
      • Add/Remove
      • Configure
        • Overview
        • Configuring the Managed Appliances
          • Define Policy
          • Synchronize
        • Support multiple policies with CMS and shared licensing
          • Applying authentication servers to specific appliance
          • Applying SMTP configuration service to specific appliance
          • Applying SMS service to specific appliance
          • Applying realms to a subset of appliance
          • Assign rules to a subset of appliances
          • Support multiple GTO services
      • Monitor
        • User Sessions
        • Reports
        • Health
      • Maintain
  • Central User Licensing
    • Overview
    • How Central User Licenses Work
      • Central Spike User Licenses
      • Central Email Licenses
      • Perpetual Pooled Licenses
    • Enabling Central User Licensing
    • Getting Started with Central User Licensing
      • Setting Up CMS to Use Central User Licenses
      • Setting up CMS for Centralized Appliance Configuration and Management
      • Resetting a CMS License
  • Global High Availability
    • High Availability of the VPN Service
    • High Availability of the CMS
    • Disaster Recovery for the VPN Service
  • Alerts and SNMP
    • Overview
    • Pre-Configured Alerts
    • Configuring SNMP
  • Capture Advanced Threat Protection
    • Enabling Capture ATP
    • File Options
    • Web Services
    • Advanced Settings
  • Central FIPS Licensing
• Global High Availablity
  • Introduction to Global HA and GTO
  • Planning GTO Deployment
    • Choosing a Deployment Model
    • Minimizing Configuration Differences
    • GTO Service Names and DNS Delegations
    • Provisioning Certificates
      • Let's Encrypt
      • Adding Certificates to SMA Appliances
      • Generating a Certificate Signing Request (CSR)
      • Importing SSL Certificates
  • Setting up GTO
    • Setting up the CMS and SMA appliances
    • Enabling GTO service for managed appliances with the CMS
    • Setting up a Basic GTO Service
    • Monitoring and Configuring GTO
    • Defining the Central Policy
  • Extending GTO Deployment
    • Enabling Cached Credentials
    • Additional Deployment Notes
• SonicWall Support
  • About This Document

Central FIPS Licensing

FIPS (Federal Information Processing Standard) 140-2 Level 2 is a validation standard for evaluating cryptographic modules, and includes stringent reviews of source code, algorithms, physical security, and operational testing on cryptographic security products. The United States Federal Government is required to purchase cryptographic products validated to the FIPS 140-2 standard. In the international marketplace, ISO19790 is being adopted as a standard and is a direct adaptation of FIPS 140-2.

The SonicWall SMA 8200v, 7200, 7210, and SMA 6200, 6210 appliances have FIPS 140-2 Level 2 certification from NIST (the National Institute of Standards and Technology, the United States FIPS 140-2 Cryptographic Module Validation Authority) and CSE (the Communications Security Establishment, the Canadian FIPS 140-2 Cryptographic Module Authority).

FIPS mode is transparent to end users. Internally, FIPS mode enforces secure communication and system integrity.

FIPS can be enabled on centrally managed appliances.

• A central FIPS license allows all appliances managed by the CMS to be FIPS-enabled.
• To be managed by the CMS, FIPS-enabled appliances are not required to be part of a GTO service.
• A CMS license that includes FIPS must also include central user licenses. An appliance that is not centrally licensed, but has its own user license file, cannot be FIPS-enabled from a CMS-based license.

When the CMS central user license has FIPS, the administrator can enable FIPS individually for any managed appliance from its AMC. (See “Enabling FIPS” in the SMA 12.4 Administration Guide for more information.)

For more information about FIPS, see “FIPS Certification” in SMA 12.4 Administration Guide.

To enable Central FIPS Licensing

1. Navigate to Management Server > Configure > General Settings.
2. Under Licensing, click Edit.
3. In the Online Licensing section, click Register.
4. Log into your MySonicWall account with your username and password.
5. Navigate to Product Management > My Products.
6. Expand the line that contains your CMS license.
7. On the Licenses page, in the Gateway Services section, verify that FIPS Support has an active license.