Use the following procedures to enable FIPS-CC mode
on a software version that supports Common Criteria and the Federal
Information Processing Standards 140-2 (FIPS 140-2). When you enable
FIPS-CC mode, all FIPS and CC functionality is included.
FIPS-CC mode is supported on all Palo Alto Networks next-generation
firewalls and appliances—including VM-Series firewalls. To enable
FIPS-CC mode, first boot the firewall into the Maintenance Recovery
Tool (MRT) and then change the operational mode from normal mode
to FIPS-CC mode. The procedure to change the operational mode is
the same for all firewalls and appliances but the procedure to access
the MRT varies.
When you enable FIPS-CC mode, the firewall
will reset to the factory default settings; all configuration will