Focus

GlobalProtect

FIPS-CC Security Functions

Table of Contents

Filter

Expand All | Collapse All

GlobalProtect Docs

Administration
Version
- 10.1 & Later
- 9.1 (EoL)
User Guide
Version
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
New Feature
Version
- 6.1
- 6.0
- 5.1
Release Notes
Version
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1

Enable and Verify FIPS-CC Mode Using the macOS Property List

Troubleshoot FIPS-CC Mode

FIPS-CC Security Functions

Security functions are enforced for the GlobalProtect app when you enable FIPS-CC mode.

When you enable FIPS-CC mode for GlobalProtect, the following security functions are enforced for all GlobalProtect apps on Windows and macOS endpoints:

You must encrypt all VPN tunnels between the GlobalProtect app and gateways using TLS or IPSec.
When you configure an IPSec VPN tunnel, you must select a cipher suite option presented during IPSec setup.
When you configure an IPSec VPN tunnel, you can specify one of the following encryption algorithms:
- AES-CBC-128 (with the SHA1 authentication algorithm)
- AES-GCM-128
- AES-GCM-256
Both server and client certificates must use one of the following signature algorithms:
- RSA 2048 bit (or greater)
- ECDSA P-256
- ECDSA P-384
- ECDSA P-521
In addition, you must use a signature hash algorithm of SHA256, SHA384, or SHA512.

Enable and Verify FIPS-CC Mode Using the macOS Property List

Troubleshoot FIPS-CC Mode

GlobalProtect Docs

FIPS-CC Security Functions

GlobalProtect Docs

FIPS-CC Security Functions

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Experts Corner