Reference Guide
Brocade Fabric OS Command Reference 331
53-1004112-02
fipsCfg
To verify FIPS prerequisites:
switch:admin> fipscfg --verify fips
Standby firmware supports FIPS - PASS
SELF tests check has passed - PASS
Root account is enabled - FAIL
Radius check has passed - PASS
Authentication check has passed - PASS
Inflight Encryption check has passed - PASS
IPSec check has passed - PASS
Telnet port number <23> for the policy <default_ipv4> is in permit state.
HTTP port number <80> for the policy <default_ipv4> is in permit state.
RPC port number <897> for the policy <default_ipv4> is in permit state.
IPv4 policies not FIPS compliant - FAIL
Telnet port number <23> for the policy <default_ipv6> is in permit state.
HTTP port number <80> for the policy <default_ipv6> is in permit state.
RPC port number <897> for the policy <default_ipv6> is in permit state.
IPv6 policies not FIPS compliant - FAIL
SNMP is not in read only mode - FAIL
Bootprom access is enabled - FAIL
Firmwaredownload signature verification is disabled - FAIL
Secure config upload/download is disabled - FAIL
SSH DSA Keys check passed - PASS
Inband Management interface is disabled - PASS
Ipsecconfig is disabled. - PASS
Signature Algorithm used in LDAP CA certificate is not Sha256
Signature Algorithm used in Switch CA certificate is not Sha256
Signature Algorithm used in HTTPS certificate is not Sha256
Signature Algorithm used in FCAP certificate is not Sha256
Signature Algorithm used in FCAP CA certificate is not Sha256
Certificates are not FIPS compliant - FAIL
Certificates validation has passed - PASS
SSH client's ShaValue is not configured as 2 - FAIL
SSH client's MinPrime is not configured as 2048 - FAIL
SSH client's KexAlgorithms is not configured as diffie-hellman-group-exchange-sha256 - FAIL
SSH client's ServerHostKeySize is not configured as 2048 - FAIL
SSH server's ShaValue is not configured as 2 - FAIL
SSH config is not FIPS compliant - FAIL
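In the output above, lines without a PASS/FAIL label are details for the labelled line that follows them. The Python sketch below is an added example, not part of the Brocade reference: it parses captured output into failed checks with their details and lists the ports a failing policy check still permits. The function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: excerpt of the `fipscfg --verify fips` output shown above.
SAMPLE = """\
Standby firmware supports FIPS - PASS
Root account is enabled - FAIL
Telnet port number <23> for the policy <default_ipv4> is in permit state.
HTTP port number <80> for the policy <default_ipv4> is in permit state.
IPv4 policies not FIPS compliant - FAIL
Ipsecconfig is disabled. - PASS
Signature Algorithm used in HTTPS certificate is not Sha256
Certificates are not FIPS compliant - FAIL
SSH client's KexAlgorithms is not configured as diffie-hellman-group-exchange-sha256
- FAIL
SSH config is not FIPS compliant - FAIL
"""

STATUS = re.compile(r"^(?P<check>.*?)\s*-\s*(?P<status>PASS|FAIL)\b")
PORT = re.compile(r"^(\w+) port number <(\d+)> for the policy <([^>]+)> is in permit state")

def parse_verify(text):
    """Return (check, status, details); details are the unlabelled lines before a check."""
    results, pending = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("switch:"):  # skip blanks and the prompt
            continue
        m = STATUS.match(line)
        if m is None:
            pending.append(line)
            continue
        check = m.group("check")
        if not check and pending:
            check = pending.pop()  # bare "- FAIL": status wrapped onto its own line
        results.append((check, m.group("status"), pending))
        pending = []
    return results

def failures(text):
    # Checks that still report FAIL, each with its detail lines.
    return [(c, d) for c, s, d in parse_verify(text) if s == "FAIL"]

def permitted_ports(text):
    """(service, port, policy) for each port a failed policy check still permits."""
    hits = (PORT.match(d) for _, details in failures(text) for d in details)
    return [(m.group(1), int(m.group(2)), m.group(3)) for m in hits if m]

if __name__ == "__main__":
    for check, details in failures(SAMPLE):
        print("FAIL:", check, *("\n   " + d for d in details))
```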
To enable FIPS after prerequisites have been met:
switch:admin> fipscfg --enable fips
You are enabling FIPS.
Do you want to continue? (yes, y, no, n) [no] : yes
FIPS mode has been set to : Enabled
Please reboot the system
switch:admin> fipscfg --show
FIPS mode is : Enabled
To attempt enabling FIPS when prerequisites are not met:
switch:admin> fipscfg --enable fips
SelfTests mode is not enabled.
Root account is enabled.
Authentication uses MD5 hash algorithm.
Authentication uses DH group 0.