Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Enabling FIPS mode

 

You, as Crypto Officer, can enable and configure Junos OS in FIPS mode on your router or switch.

Before you begin enabling and configuring FIPS mode on the router or switch:

To enable and configure Junos OS in FIPS mode, perform the following tasks. Follow the links for instructions.

  1. Connect to console port and zeroize the device to delete all CSPs before entering FIPS mode.
  2. After the device comes up in ’Amnesiac mode’, login using username root and password "" (blank).
  3. Configure root authentication.
  4. Load configuration onto device and commit new configuration.
  5. Configure Crypto Officer authentication and login using Crypto Officer credentials.
  6. Install fips-mode package needed for Routing Engine KATS.
  7. Configure fips level 1 and commit.

    Device might display Encrypted-password must be re-configured to use FIPS compliant hash warning to delete older CSP in loaded configuration.

  8. After deleting and reconfiguring CSPs, commit will go through and device needs reboot to enter FIPS mode.
  9. After rebooting the device, FIPS self-tests will run and device enters FIPS mode.

After you as the Crypto Officer complete Junos OS in FIPS mode configuration, you can connect the router or switch to the network and proceed with normal configuration.