1. Home
    2. PAN-OS
    3. PAN-OS® Administrator’s Guide
    4. Certifications
    5. Enable FIPS and Common Criteria Support
    Previous
    Next
    Use the following procedure to enable FIPS-CC mode on a software version that supports Common Criteria and the Federal Information Processing Standards 140-2 (FIPS 140-2). When you enable FIPS-CC mode, all FIPS and CC functionality is included.
    		 When you enable FIPS-CC mode, the firewall will reset to the factory default settings; all configuration will be removed.
    Enable FIPS-CC Mode
    Boot the firewall into maintenance mode as follows: Establish a serial connection to the console port on the firewall. Enter the following CLI command: debug system maintenance-mode Press Enter to continue. You can also reboot the firewall and enter maint at the maintenance mode prompt.
    Select Set FIPS-CC Mode from the menu.
    Select Enable FIPS-CC Mode from the menu.
    When prompted, select Reboot. After successfully switching to FIPS-CC mode, the following status displays: FIPS-CC mode enabled successfully . In addition, the following changes will take place: FIPS-CC will display at all times in the status bar at the bottom of the web interface. The console port functions as a status output port only. The default admin login credentials change to admin/paloalto.
    Previous
    Next

    Related Documentation

    Certifications

    Certifications The following topics describe how to configure the firewall to support the Common Criteria and the Federal Information Processing Standard 140-2 (FIPS 140-2), which ...

    Known Issues

    Known Issues The following list describes WildFire Known Issues , GlobalProtect Known Issues , and Firewall and Panorama Known Issues in the PAN-OS 7.1 release: ...

    CLI Changes in PAN-OS 7.1

    CLI Changes in PAN-OS 7.1 PAN-OS 7.1 has the following CLI changes, which also affect corresponding PAN-OS XML API requests. You can use the CLI ...

    FIPS-CC Security Functions

    FIPS-CC Security Functions When FIPS-CC mode is enabled, the following security functions are enforced: To log into the firewall, the browser must be TLS 1.0 ...

    Reset the Firewall to Factory Default Settings

    Reset the Firewall to Factory Default Settings Resetting the firewall to factory defaults will result in the loss of all configuration settings and logs. Reset ...

    Upgrade/Downgrade Considerations

    Upgrade/Downgrade Considerations Table: PAN-OS 7.1 Upgrade/Downgrade Considerations lists the new features that have upgrade or downgrade impacts. Make sure you understand all potential changes before ...

    Replace an RMA Firewall

    Replace an RMA Firewall To minimize the effort required to restore the configuration on a managed firewall involving a Return Merchandise Authorization (RMA), replace the ...

    Device > Admin Roles

    Device > Admin Roles Select Device > Admin Roles to define Admin Role profiles, which are custom roles that determine the access privileges and responsibilities ...

    Device > Certificate Management > SCEP

    Device > Certificate Management > SCEP The simple certificate enrollment protocol (SCEP) provides a mechanism for issuing a unique certificate to endpoints, gateways, and satellite ...

    Device > Log Settings

    Device > Log Settings Select Device > Log Settings to configure alarms, clear logs, or enable log forwarding to Panorama and external services. Select Log ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo