Use the following procedure to enable FIPS-CC mode on a software version that supports Common Criteria and the Federal Information Processing Standards 140-2 (FIPS 140-2). When you enable FIPS-CC mode, all FIPS and CC functionality is included.
When you enable FIPS-CC mode, the firewall will reset to the factory default settings; all configuration will be removed.
Boot the firewall into maintenance mode as follows:
Establish a serial connection to the console port on the firewall.
Enter the following CLI command:
debug system maintenance-mode
Press Enter to continue.
You can also reboot the firewall and enter maint at the maintenance mode prompt.
Select Set FIPS-CC Mode from the menu.
Select Enable FIPS-CC Mode from the menu.
When prompted, select Reboot.
After successfully switching to FIPS-CC mode, the following status displays: FIPS-CC mode enabled successfully.
In addition, the following changes will take place:
FIPS-CC will display at all times in the status bar at the bottom of the web interface.
The console port functions as a status output port only.
The default admin login credentials change to admin/paloalto.