Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1693
Views
0
Helpful
2
Replies

How to tell if FIPS is enabled on C170 Appliance?

Go to solution
Greg Hopp
Level 1
Level 1

‎03-01-2014 08:26 AM

The upgrade notes from 7.6.3 to 8.0.x say FIPS will be disabled by default and you can enable/disable it and reissue certs after you upgrade.  I don't think we use FIPS now but I am not 100% positive, so how can I tell its current state on my Ironport?

Thank you,

Greg H.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Alvaro J Gordon-Escobar
Cisco Employee
Cisco Employee

‎03-02-2014 06:47 AM

Hello Greg,

If you were running AsyncOS 7.6.x before the upgrade, or are still running it, you do not have to worry about this.  AsyncOS 7.3.x was the last version of AsyncOS that was both FIPs certified.    When upgrading from this older version to AsyncOS 8.0x,  FIPS will become disabled.  The Admin has to go  re-enabled FIPS once in AsyncOS 8.0.

The command to activate FIPS on AsyncOS 8.0.x for Email is fipsconfig.  

(Machine venetian-lab01.lab)> help fipsconfig

fipsconfig

    Configure FIPS mode.

If you are unsure if someone has activated teh feature, you can run the command, the preliminary output will inform you if it is active, or inactive.

(Machine venetian-lab01.lab)> fipsconfig

This command is restricted to "cluster" mode.  Would you like to switch to "cluster" mode? [Y]>

FIPS mode is currently disabled.

Choose the operation you want to perform:

- SETUP - Configure FIPS mode.

[]>

Best Regards,

-Alvaro

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Alvaro J Gordon-Escobar
Cisco Employee
Cisco Employee

‎03-02-2014 06:47 AM

Hello Greg,

If you were running AsyncOS 7.6.x before the upgrade, or are still running it, you do not have to worry about this.  AsyncOS 7.3.x was the last version of AsyncOS that was both FIPs certified.    When upgrading from this older version to AsyncOS 8.0x,  FIPS will become disabled.  The Admin has to go  re-enabled FIPS once in AsyncOS 8.0.

The command to activate FIPS on AsyncOS 8.0.x for Email is fipsconfig.  

(Machine venetian-lab01.lab)> help fipsconfig

fipsconfig

    Configure FIPS mode.

If you are unsure if someone has activated teh feature, you can run the command, the preliminary output will inform you if it is active, or inactive.

(Machine venetian-lab01.lab)> fipsconfig

This command is restricted to "cluster" mode.  Would you like to switch to "cluster" mode? [Y]>

FIPS mode is currently disabled.

Choose the operation you want to perform:

- SETUP - Configure FIPS mode.

[]>

Best Regards,

-Alvaro

0 Helpful

Go to solution
Greg Hopp
Level 1
Level 1
In response to Alvaro J Gordon-Escobar

‎03-03-2014 06:16 AM

Thanks Alvaro, I confirm the fipsconfig is not even an available option in the CLI for 7.6.x.

Greg

0 Helpful
Customers Also Viewed These Support Documents