Reference Guide

ManualsBrandsDell ManualsAccess PlatformsBrocade G620

351

352

353

354

355

356

357

358

359

360

Brocade Fabric OS Command Reference 331

53-1004112-02

fipsCfg

To verify FIPS prerequisites:

switch:admin> fipscfg --verify fips

Standby firmware supports FIPS - PASS

SELF tests check has passed - PASS

Root account is enabled - FAIL

Radius check has passed - PASS

Authentication check has passed - PASS

Inflight Encryption check has passed - PASS

IPSec check has passed - PASS

Telnet port number <23> for the policy <default_ipv4> is in permit state.

HTTP port number <80> for the policy <default_ipv4> is in permit state.

RPC port number <897> for the policy <default_ipv4> is in permit state.

IPv4 policies not FIPS compliant - FAIL NEWLY Added message

Telnet port number <23> for the policy <default_ipv6> is in permit state.

HTTP port number <80> for the policy <default_ipv6> is in permit state.

RPC port number <897> for the policy <default_ipv6> is in permit state.

IPv6 policies not FIPS compliant - FAIL

SNMP is not in read only mode - FAIL

Bootprom access is enabled - FAIL

Firmwaredownload signature verification is disabled - FAIL

Secure config upload/download is disabled - FAIL

SSH DSA Keys check passed - PASS

Inband Management interface is disabled - PASS

Ipsecconfig is disabled. - PASS

Signature Algorithm used in LDAP CA certificate is not Sha256

Signature Algorithm used in Switch CA certificate is not Sha256

Signature Algorithm used in HTTPS certificate is not Sha256

Signature Algorithm used in FCAP certificate is not Sha256

Signature Algorithm used in FCAP CA certificate is not Sha256

Certificates are not FIPS compliant - FAIL

Certificates validation has passed - PASS

SSH client's ShaValue is not configured as 2 - FAIL

SSH client's MinPrime is not configured as 2048 - FAIL

SSH client's KexAlgorithms is not configured as diffie-hellman-group-exchange-sha256

- FAIL

SSH client's ServerHostKeySize is not configured as 2048 - FAIL

SSH server's ShaValue is not configured as 2 - FAIL

SSH config is not FIPS compliant - FAIL

To enable FIPS after prerequisites have been met:

switch:admin> fipscfg --enable fips

You are enabling FIPS.

Do you want to continue? (yes, y, no, n) [no] : yes

FIPS mode has been set to : Enabled

Please reboot the system

switch:admin> fipscfg --show

FIPS mode is : Enabled

To attempt enabling FIPS when prerequisites are not met:

switch:admin> fipscfg --enable fips

SelfTests mode is not enabled.

Root account is enabled.

Authentication uses MD5 hash algorithm.

Authentication uses DH group 0.