GlobalProtect
Enable FIPS Mode on Linux EndPoints with Ubuntu or RHEL
Table of Contents
Enable FIPS Mode on Linux EndPoints with Ubuntu or RHEL
Use the following steps to enable and verify FIPS-CC mode for GlobalProtect™ on Linux endpoints
running Ubuntu or Red Hat Enterprise Linux (RHEL) 8.1 platforms.
- Ensure that FIPS-CC mode is disabled on the Linux endpoints with Ubuntu or Red Hat Enterprise Linux (RHEL) 8.1.
- Install the GlobalProtect app on your Linux endpoint.
- (Optional) If a client certificate is used for authentication, install and set up client certificate.
- Modifypangps.xmlto enable FIPS-CC mode.On Linux endpoints, the pre-deployment configuration file (pangps.xml) is located in/opt/paloaltonetworks/globalprotect.Inpangps.xmlfile, underSettings, add<enable-fips-cc-mode>yes</enable-fips-cc-mode>For example:<?xml version="x.x" encoding="UTF-8"?><GlobalProtect> <Settings> <enable-fips-cc-mode>yes</enable-fips-cc-mode> <disable-globalprotect>0</disable-globalprotect> </Settings>
- Enable FIPS-CC mode on the Linux endpoint with Ubuntu or Red Hat Enterprise Linux (RHEL) 8.1.
- Reboot the Linux endpoint in order for the pre-deployment configuration changes to take effect.
- Verify that FIPS-CC mode is enabled on the GlobalProtect app.
- Launch the GlobalProtect app.
- From the status panel, open the settings dialog (
). - SelectAbout.
- Verify that FIPS-CC mode is enabled. If FIPS-CC mode is enabled, the About dialog displays theFIPS-CC Mode Enabledstatus. For CLI version, you can use the CLI commandglobalprotect show --version.
If FIPS-CC mode could not be enabled successfully, the About dialog displays theFIPS-CC Mode Failedstatus.
- View the logs to view the GlobalProtect app logs related to FIPS-CC mode on Linux endpoints.
- View, collect, and send the logs to the administrator to troubleshoot and resolve the issues related to FIPS-CC mode on Linux devices.