Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Understanding Remote Access for Junos OS in FIPS Mode


When the switch is in Junos OS in FIPS mode, only SSH is available as a remote access service. To secure the information sent on administrative connections, use SSHv2 for CLI configuration. For SSH configuration information, see the Junos OS System Basics Configuration Guide.

Best Practice

For FIPS compliance, configure the switch over SSH connections because they are encrypted connections.

The Ethernet management (MGMT) port on the switch is disabled by default. To use the MGMT port, you must enable the me0 interface and assign it an IP address if you have not already done so. For more information, see the Junos OS System Basics Configuration Guide.

In Junos OS in FIPS mode, all critical security parameters (CSPs) must enter and leave the cryptographic module in encrypted form. Any CSP encrypted with a non-approved algorithm is considered plain text by FIPS. However, as the Crypto Officer, you can enter user authentication data in plain text. During initial configuration, you can also enter the IP Security (IPsec) keys for communication between internal Routing Engines in plain text on the console port (under manual key entry rules).