Unsupported Junos-FIPS Configuration Statements
The following configuration statements are not supported on Junos-FIPS:
Statement | Description |
|---|---|
set system services { ftp | finger | telnet | web-management | xnm-clear-text | tftp} | Junos-FIPS does not allow an unencrypted or weakly encrypted or a connection that relies on a vulnerable key establishment protocol. |
set system services ssh protocol-version | Junos-FIPS allows the SSHv2 setting only. |
set system login password format { des | md5 } | You must encrypt administrator passwords using strong algorithms, such as Secure Hash Algorithm (sha-256 and sha-512). |
set system ike policy policy name proposal-set | Junos-FIPS does not support preconfigured proposal sets. You must configure an IKE proposal explicitly. |
set system ike proposal proposal name authentication-algorithm md5 set system ipsec proposal proposal name authentication-algorithm hmac-md5-96 | Junos-FIPS does not support Message Digest 5 (MD5). However it does support (sha-256 and sha-384). |
set system ike proposal proposal name encryption-algorithm des-cbc set system ipsec proposal proposal name encryption-algorithm des-cbc | Junos-FIPS does not support Data Encryption Standard (DES). However it does support Advanced Encryption Standard (AES) or 3DES. |
set system ike proposal proposal name protocol ah | Authentication Header (AH) protocol provides authentication but not encryption. Enhanced Security Protocol (ESP) is required. |
set system ike proposal proposal name dh-group {group1 | group2} | Junos-FIPS does not support Diffie-Hellman (DH) groups 1 and 2. However, DH-group 14 and higher are supported on Junos-FIPS. |