Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All
     

    Related Documentation

     

    Unsupported Junos-FIPS Configuration Statements

    The following configuration statements are not supported on Junos-FIPS:

    Statement

    Description

    set system services { ftp | finger | telnet | web-management | xnm-clear-text | tftp}

    Junos-FIPS does not allow an unencrypted or weakly encrypted or a connection that relies on a vulnerable key establishment protocol.

    set system services ssh protocol-version

    Junos-FIPS allows the SSHv2 setting only.

    set system login password format { des | md5 }

    You must encrypt administrator passwords using strong algorithms, such as Secure Hash Algorithm (sha-256 and sha-512).

    set system ike policy policy name proposal-set

    Junos-FIPS does not support preconfigured proposal sets. You must configure an IKE proposal explicitly.

    set system ike proposal proposal name authentication-algorithm md5

    set system ipsec proposal proposal name authentication-algorithm hmac-md5-96

    Junos-FIPS does not support Message Digest 5 (MD5). However it does support (sha-256 and sha-384).

    set system ike proposal proposal name encryption-algorithm des-cbc

    set system ipsec proposal proposal name encryption-algorithm des-cbc

    Junos-FIPS does not support Data Encryption Standard (DES). However it does support Advanced Encryption Standard (AES) or 3DES.

    set system ike proposal proposal name protocol ah

    Authentication Header (AH) protocol provides authentication but not encryption. Enhanced Security Protocol (ESP) is required.

    set system ike proposal proposal name dh-group {group1 | group2}

    Junos-FIPS does not support Diffie-Hellman (DH) groups 1 and 2. However, DH-group 14 and higher are supported on Junos-FIPS.

     

    Related Documentation

     

    Modified: 2016-12-23