Use the following procedure to enable FIPS-CC mode on a software version that supports Common Criteria and the Federal Information Processing Standards 140-2 (FIPS 140-2). When you enable FIPS-CC mode, all FIPS and CC functionality is included.
When you enable FIPS-CC mode, the firewall will reset to the factory default settings; all configuration will be removed.
Enable FIPS-CC Mode
Boot the firewall into maintenance mode as follows: Establish a serial connection to the console port on the firewall. Enter the following CLI command: debug system maintenance-mode Press Enter to continue. You can also reboot the firewall and enter maint at the maintenance mode prompt.
Select Set FIPS-CC Mode from the menu.
Select Enable FIPS-CC Mode from the menu.
When prompted, select Reboot. After successfully switching to FIPS-CC mode, the following status displays: FIPS-CC mode enabled successfully . In addition, the following changes will take place: FIPS-CC will display at all times in the status bar at the bottom of the web interface. The console port functions as a status output port only. The default admin login credentials change to admin/paloalto.

Related Documentation