Fips Mode; Fips Mode Restrictions - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual
Hp storageworks fabric os 6.x administrator guide (5697-0015, may 2009)
Hide thumbs
Also See for A7533A - Brocade 4Gb SAN Switch Base:
- Administrator's manual (576 pages) ,
- Hardware reference manual (256 pages) ,
- User manual (248 pages)
Table of Contents
Advertisement
loading kernel
.
.
.
kjournald starting.
EXT3-fs: mounted filesystem with ordered data mode.
VFS: Mounted root (ext3 filesystem) readonly.
Trying to move old root to /initrd ... okay
Freeing unused kernel memory: 108k init
INIT: version 2.78 booting
sh-2.04#
5.
On all platforms, from the shell prompt, enter the following commands:
mount -o remount,rw,noatime /
mount /dev/hda2 /mnt
6.
Verify the FIPS configuration by typing the following at the command prompt:
/fabos/abin/fipscfg --showall
7.
If FIPS mode is 'Enabled', reset it by typing the following at the command prompt:
/fabos/abin/fipscfg --disable fips
8.
If Selftests mode is Enabled/None or Enabled/Pass or Enabled/Failed, reset it by typing the following
at the command prompt:
fipscfg --disable selftests
9.
Reboot the active system by typing the reboot command.
10.
Login to the switch or Active CP as admin or securityAdmin, and verify that the FIPS and SELFTESTS
modes have been reset by typing the fipscfg --showall command.
1 1.
On dual CP systems, reboot the standby CP and ensure that the system comes up.
FIPS mode
By default, the switch will come up non-FIPS mode. You can run the command fipscfg --enable, to
enable FIPS mode. Self-tests mode needs to be enabled, before FIPS mode can be enabled. A set of
pre-requisites as mentioned in the table below needs to be satisfied for the system to enter FIPS mode. See
the Fabric OS Command Reference Manual for additional FIPS related commands.
To be FIPS-compliant, the switch needs to be rebooted. KATs will be run on the reboot. If the KATs are
successful, the switch will enter FIPS mode. If KATs fail, then the switch will reboot until the KATs succeed.
You will need to access the switch in single-user mode to break the reboot cycle.
Only FIPS compliant algorithms will be run at this stage.
Table 41
FIPS mode restrictions
Features
Root account
Telnet/SSH access
SSH algorithms
HTTP/HTTPS access
HTTPS
protocol/algorithms
RPC/secure RPC
access
Secure RPC protocols
SNMP
130 Configuring advanced security features
Commit interval 5 seconds
FIPS mode
Disabled
Only SSH
HMAC-SHA1 (mac)
3DES-CBC, AES128-CBC, AES192-CBC,
AES256-CBC (cipher suites)
HTTPS only
TLS/AES128 cipher suite
Secure RPC only
TLS - AES128 cipher suite
Read-only operations
Non-FIPS mode
Enabled
Telnet and SSH
No restrictions
HTTP and HTTPS
TLS/AES128 cipher suite
(SSL will no longer be supported)
RPC and secure RPC
SSL and TLS – all cipher suites
Read and write operations
Advertisement
Table of Contents
Troubleshooting
