Configuring Fips Mode; Configuration Considerations; Enabling Fips Mode; Configuration Changes In Fips Mode - HPE FlexNetwork MSR Series Comware 5 Security Configuration Manual
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (861 pages) ,
- Comware 7 layer 3 - ip services configuration manuals (554 pages) ,
- Comware 5 layer 2 - wan access configuration manual (420 pages)
Table of Contents
Advertisement
Step
1.
Enter system view.
2.
Trigger a self-test.
Configuring FIPS mode
Configuration considerations
To enter the FIPS mode, follow these steps:
1.
Enable FIPS mode.
2.
Enable the password control function.
3.
Configure a username and password used to log in to the device.
The password must include at least 10 characters that must contain uppercase and lowercase
letters, digits, and special characters.
4.
Set the user level to 3, and service type to Terminal or Web.
5.
Delete all MD5-based digital certificates.
6.
Delete the DSA key pairs that have a modulus length of less than 1024 bits and all RSA key
pairs.
7.
Save the configuration.
Enabling FIPS mode
Follow these guidelines when you configure FIPS mode:
•
If you must enable both FIPS mode and the password control function, enable FIPS mode first.
•
If you must disable both FIPS mode and the password control function, disable password
control first.
To enable FIPS mode:
Step
1.
Enter system view.
2.
Enable FIPS mode.
Configuration changes in FIPS mode
When the system enters FIPS mode, the following changes occur:
•
The FTP/TFTP server is disabled.
•
The Telnet server is disabled.
•
The HTTP server is disabled.
•
SNMPv1 and SNMPv2c are disabled. Only SNMPv3 is available.
•
The SSL server only supports TLS1.0.
•
The SSH server does not support SSHv1 clients.
Command
system-view
fips mode enable
484
Command
system-view
fips self-test
Remarks
N/A
By default, the FIPS mode is
disabled.
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the FlexNetwork MSR Series and is the answer not in the manual?