Change the Operational Mode to FIPS-CC Mode

The following procedure describes how to change the operational mode of a Palo Alto Networks product from normal mode to FIPS-CC mode.
  1. Connect to the firewall or appliance and Access the Maintenance Recovery Tool (MRT).
  2. Select
    Set FIPS-CC Mode
    from the menu.
  3. Select
    Enable FIPS-CC Mode
    . The mode change operation starts and a status indicator shows progress. After the mode change is complete, the status shows
  4. When prompted, select
    If you change the operational mode on a VM-Series firewall deployed in the public cloud (AWS or Azure) and you lose your SSH connection to the MRT before you are able to
    , you must wait 10-15 minutes for the mode change to complete, log back into the MRT, and then reboot the firewall to complete the operation.
    After you switch to FIPS-CC mode, you see the following status:
    FIPS-CC mode enabled successfully
    In addition, the following changes are in effect:
    • FIPS-CC displays at all times in the status bar at the bottom of the web interface.
    • The default administrator login credentials change to admin/paloalto.
    See FIPS-CC Security Functions for details on the security functions that are enforced in FIPS-CC mode.

Recommended For You