Focus

GlobalProtect

Enable and Verify FIPS-CC Mode Using Workspace ONE on iOS Endpoints

Table of Contents

Filter

Expand All | Collapse All

GlobalProtect Docs

Administration
Version
- 10.1 & Later
- 9.1
User Guide
Version
- 6.2
- 6.1
- 6.0
- 5.3
- 5.2
- 5.1
New Feature
Version
- 6.1
- 6.0
- 5.2
- 5.1
Release Notes
Version
- 6.2
- 6.1
- 6.0
- 5.3
- 5.2
- 5.1

Enable and Verify FIPS-CC Mode on macOS Endpoints

Enable FIPS Mode on Linux EndPoints with Ubuntu or RHEL

Enable and Verify FIPS-CC Mode Using Workspace ONE on iOS Endpoints

Use the following steps to enable and verify FIPS-CC mode for GlobalProtect™ on iOS endpoints using Workspace ONE.

To enable FIPS-CC for iOS and Android endpoints, you must use the GlobalProtect version GlobalProtect for Governments
. Contact Palo Alto Support and create a case to access the GlobalProtect for Governments
version, which is privately distributed.

Enable FIPS mode for iOS endpoints.

Configure Workspace ONE for iOS endpoints.

Download the GlobalProtect app for iOS endpoints and Deploy the GlobalProtect Mobile App Using Workspace ONE.

From the Workspace ONE console, modify an existing Apple iOS profile or add a new one.

To add a new profile:

Select

Resources

Profiles & Baselines

Profiles

ADD

, then

Add Profile

Select

iOS

from the platform list.

Select

Device Profile

from the

Select Context Window

On the

Resources

Profiles & Baselines

Profiles

page, select the

for which you want to enable FIPS-CC mode.

Configure the General, VPN, and Credentials (Optional) settings for the

that you want to create.

On the VPN page, under

Custom Data

Specify the

Key

value as

enable-fips-cc-mode

Set the

Value

Yes

Save and Publish

your changes.

After you enable the FIPS-CC mode on the Workspace ONE console, the console pushes the updated FIPS-CC mode configuration to the iOS endpoints.

Ensure that the updated configuration is pushed from the console to the iOS endpoints. On the iOS endpoint, select

Settings

General

VPN & Device Management

VPN

. The

VPN Configuration

screen displays the latest configuration.The following screenshot shows an example of VPN configuration.

Verify that FIPS-CC mode is enabled on the GlobalProtect app.

Launch the GlobalProtect app.

From the status panel, open the settings dialog (

Select

About

Verify that FIPS-CC mode is enabled. If FIPS-CC mode is enabled, the About dialog displays the

FIPS-CC Mode Enabled

status.

If FIPS-CC mode could not be enabled successfully, the About dialog displays the

FIPS-CC Mode Failed

status.

You cannot disable the FIPS-CC mode on iOS endpoints. To disable the FIPS-CC mode, you must remove the iOS device from the respective configuration profile through the Workspace ONE console.

View the logs to view the GlobalProtect app logs related to FIPS-CC mode on iOS endpoints.

View, collect, and send the logs to the administrator to troubleshoot and resolve the issues related to FIPS-CC mode on iOS devices.

Enable and Verify FIPS-CC Mode on macOS Endpoints

Enable FIPS Mode on Linux EndPoints with Ubuntu or RHEL

GlobalProtect Docs

Enable and Verify FIPS-CC Mode Using Workspace ONE on iOS Endpoints

GlobalProtect Docs

Enable and Verify FIPS-CC Mode Using Workspace ONE on iOS Endpoints

Recommended For You

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Experts Corner