Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


How to Enable and Configure Junos OS in FIPS Mode of Operation


You, as Cryptographic Officer, can enable and configure Junos OS in FIPS mode of operation on your device. Before you begin enabling and configuring FIPS mode of operation on the device:

To enable the Junos OS in FIPS mode of operation, perform the following steps:

  1. Enable the FIPS mode on the device.

    user@host> set system fips level 2

  2. Commit and reboot the device.

    user@host> commit

  3. Run integrity and self-tests on powering on the device when the module is operating in the FIPS mode.Note

    If the module was previously in a non-approved mode of operation, the Cryptographic Officer must zeroize the critical security parameters (CSPs) by following the instructions in Understanding Zeroization to Clear System Data for FIPS Mode of Operation.

  4. Ensure that the backup image of the firmware is also a JUNOS-FIPS image by issuing the request system snapshot command. Note

    Use of AES-GCM is only FIPS-approved when it is configured for use along with IKEv2.

  5. Configure IKEv2 when AES-GCM is used for encryption of IKE and/or IPSec.

The show configuration security ike and show configuration security ipsec commands display the approved and configured IKE/IPsec configuration for the device operating in FIPS-approved mode.

The fips keyword next to the hostname in the output indicates that the module is operating in FIPS mode for Junos Software Release 15.1X49-D60.

Related Documentation