Change the Operational Mode to FIPS-CC Mode

The following procedure describes how to change the operational mode of a Palo Alto Networks product from normal mode to FIPS-CC mode.
  1. Connect to the firewall or appliance and Access the Maintenance Recovery Tool (MRT).
  2. Select
    Set FIPS-CC Mode
    from the menu.
  3. Select
    Enable FIPS-CC Mode
    . The mode change operation starts and a status indicator shows progress. After the mode change is complete, the status shows
  4. When prompted, select
    If you change the operational mode on a VM-Series firewall deployed in the public cloud and you lose your SSH connection to the MRT before you are able to
    , you must wait 10-15 minutes for the mode change to complete, log back into the MRT, and then reboot the firewall to complete the operation. After resetting to FIPS-CC mode, you must use the SSH key to log in and then configure a username and password that you can use for subsequently logging in to the firewall web interface.
    After you switch to FIPS-CC mode, you see the following status:
    FIPS-CCmode enabled successfully
    In addition, the following changes are in effect:
    • FIPS-CC displays at all times in the status bar at the bottom of the web interface.
    • The default administrator login credentials change to admin/paloalto.
    See FIPS-CC Security Functions for details on the security functions that are enforced in FIPS-CC mode.

Recommended For You