Enabling FIPS Mode

When operating in FIPS (Federal Information Processing Standard) mode, SonicWall security appliances support FIPS 140-2 compliant security. Among the FIPS-compliant features of the appliance are a PRNG based on SHA-1 and support for only FIPS-approved algorithms (DES, 3DES, and AES with SHA-1).

To enable FIPs and see a list of which of your current configurations are not allowed or are not present

The Enable FIPS Mode option cannot be enabled at the same time as the Enable NDPP Mode option, which is also on the Firmware and Settings > Settings dialog.

1. Navigate to Device | Settings > Firmware and Settings.
2. Click Settings.
3. Click FIPS/NDPP.

4. Turn on the Enable FIPS Mode toggle button.

   A warning message appears.

5. Click OK.

   The FIPS Mode Setting Verification dialog appears with a list of your required and not allowed configurations.

6. Click Close .

7. If your SonicWall appliance:
   • Complies with the checklist, go to Step 7.

   • Does not comply with the checklist, manually change or disable settings to be compliant with FIPS mode setting compliance checklist.

     If you close the FIPS Mode Setting Verification dialog box before completing all required changes, the Enable FIPS Mode toggle button is automatically disabled. Turn on the Enable FIPS Mode toggle button again to view the configuration changes still needed for FIPS compliance.

8. Click OK to reboot the security appliance in FIPS mode. A second warning displays.

9. Click Yes to continue rebooting. To return to normal operation, clear the Enable FIPS Mode checkbox and reboot the firewall in non-FIPS mode.

   When using the SonicWall security appliance for FIPS-compliant operation, the tamper-evident sticker that is affixed to the SonicWall security appliance must remain in place and untouched.