Enable Fips-Mode - Cisco Firepower 4100 Command Reference Manual

Fully integrated next-generation firewall

enable fips-mode

To enable FIPS (Federal Information Processing Standard) mode, use the enable fips-mode command.

enable fips-mode

Syntax Description
This command has no arguments or keywords.

Command Modes
Security mode

Command History
Release    Modification
1.1(1)     Command added.

Usage Guidelines
Connectivity to one or more services may be denied when this command is committed. Also, a reboot of the system will be required.

Important
Prior to FXOS release 2.0.1, the existing SSH host key created during first-time setup of a device was hard-coded to 1024 bits. To comply with FIPS and Common Criteria certification requirements, you must destroy this old host key and generate a new one (see create ssh-server, on page 75 for information about creating and deleting SSH host keys). If you do not perform these additional steps, you will not be able to connect to the Supervisor using SSH after the device has rebooted with Common Criteria mode enabled. If you performed initial setup using FXOS 2.0.1 or later, you do not have to generate a new host key.

Example
This example shows how to enter security mode and enable FIPS mode:
FP9300-A # scope security
FP9300-A /security # enable fips-mode
Warning: Connectivity to one or more services may be denied when committed.
Please consult the product's FIPS Security Policy documentation.
WARNING: A reboot of the system is required in order for the system to be operating in a
FIPS approved mode.
FP9300-A /security* #

Related Commands
Command              Description
disable fips-mode    Disables FIPS mode.
show fips-mode       Shows current FIPS mode administrative and operational states.

Cisco Firepower 4100/9300 FXOS Command Reference, A - R Commands, page 96
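
The Important note on this page says a 1024-bit SSH host key left over from pre-2.0.1 setup must be replaced before the reboot. As an added example (not taken from the Cisco manual), this Python check reads an ssh-rsa line in the "host ssh-rsa BASE64" form printed by ssh-keyscan and reports the modulus size; the 2048-bit threshold, the host names and the stand-in moduli are assumptions constructed for illustration.

```python
import base64

# Assumption: smallest RSA modulus treated as acceptable; the page itself only
# states that the old 1024-bit key does not meet the requirements.
MIN_RSA_BITS = 2048


def read_string(blob, offset):
    """Read one RFC 4251 length-prefixed field; return (bytes, next offset)."""
    length = int.from_bytes(blob[offset:offset + 4], "big")
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end


def rsa_host_key_bits(line):
    """Return the RSA modulus size in bits from a 'host ssh-rsa BASE64' line."""
    fields = line.split()
    if len(fields) < 3 or fields[1] != "ssh-rsa":
        raise ValueError("not an ssh-rsa host key line")
    blob = base64.b64decode(fields[2], validate=True)
    key_type, off = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob does not match")
    _exponent, off = read_string(blob, off)   # public exponent e
    modulus, _ = read_string(blob, off)       # modulus n, may carry a leading 0x00
    return int.from_bytes(modulus, "big").bit_length()


def needs_regeneration(line):
    # True when the host key is smaller than the assumed minimum.
    return rsa_host_key_bits(line) < MIN_RSA_BITS


def constructed_line(host, bits):
    """Build a sample line with a stand-in modulus of that size (not a real key)."""
    def field(b):
        return len(b).to_bytes(4, "big") + b

    def mpint(n):
        return field(n.to_bytes(n.bit_length() // 8 + 1, "big"))

    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    for host, bits in (("fxos-old.example", 1024), ("fxos-new.example", 2048)):
        line = constructed_line(host, bits)
        print(host, rsa_host_key_bits(line), "regenerate" if needs_regeneration(line) else "ok")
```

Run against a line captured from the Supervisor before committing the mode change, a result of 1024 means the host key still needs to be replaced.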

This manual is also suitable for:

Firepower 9300
