Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member

How to tell if FIPS is enabled on C170 Appliance?

The upgrade notes from 7.6.3 to 8.0.x say FIPS will be disabled by default and you can enable/disable it and reissue certs after you upgrade.  I don't think we use FIPS now but I am not 100% positive, so how can I tell its current state on my Ironport?

Thank you,

Greg H.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: How to tell if FIPS is enabled on C170 Appliance?

Hello Greg,

If you were running AsyncOS 7.6.x before the upgrade, or are still running it, you do not have to worry about this.  AsyncOS 7.3.x was the last version of AsyncOS that was both FIPs certified.    When upgrading from this older version to AsyncOS 8.0x,  FIPS will become disabled.  The Admin has to go  re-enabled FIPS once in AsyncOS 8.0.

The command to activate FIPS on AsyncOS 8.0.x for Email is fipsconfig.  

(Machine venetian-lab01.lab)> help fipsconfig

fipsconfig

    Configure FIPS mode.

If you are unsure if someone has activated teh feature, you can run the command, the preliminary output will inform you if it is active, or inactive.

(Machine venetian-lab01.lab)> fipsconfig

This command is restricted to "cluster" mode.  Would you like to switch to "cluster" mode? [Y]>

FIPS mode is currently disabled.

Choose the operation you want to perform:

- SETUP - Configure FIPS mode.

[]>

Best Regards,

-Alvaro

2 REPLIES
Cisco Employee

Re: How to tell if FIPS is enabled on C170 Appliance?

Hello Greg,

If you were running AsyncOS 7.6.x before the upgrade, or are still running it, you do not have to worry about this.  AsyncOS 7.3.x was the last version of AsyncOS that was both FIPs certified.    When upgrading from this older version to AsyncOS 8.0x,  FIPS will become disabled.  The Admin has to go  re-enabled FIPS once in AsyncOS 8.0.

The command to activate FIPS on AsyncOS 8.0.x for Email is fipsconfig.  

(Machine venetian-lab01.lab)> help fipsconfig

fipsconfig

    Configure FIPS mode.

If you are unsure if someone has activated teh feature, you can run the command, the preliminary output will inform you if it is active, or inactive.

(Machine venetian-lab01.lab)> fipsconfig

This command is restricted to "cluster" mode.  Would you like to switch to "cluster" mode? [Y]>

FIPS mode is currently disabled.

Choose the operation you want to perform:

- SETUP - Configure FIPS mode.

[]>

Best Regards,

-Alvaro

New Member

Re: How to tell if FIPS is enabled on C170 Appliance?

Thanks Alvaro, I confirm the fipsconfig is not even an available option in the CLI for 7.6.x.

Greg

229
Views
0
Helpful
2
Replies