Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Enabling NFX250 device to FIPS Mode

 

FIPS mode is not automatically enabled when you install Junos OS on the NFX250 device.

As Crypto Officer, you must explicitly transition the device from non-FIPS mode to the FIPS mode for which NFX250 Network Services Platform are certified.

Note

To transition to FIPS mode, passwords must be encrypted with a FIPS-compliant hash algorithm. The encryption format must be SHA-1 or higher. Passwords that do not meet this requirement, such as passwords that are hashed with MD5, must be reconfigured or removed from the configuration before FIPS mode can be enabled.

To enable FIPS mode in Junos OS on the device:

  1. Enter in to JDM from NFX250 device.
  2. Add FIPS package on the device.
  3. Establish root password access according to FIPS guidelines. See Establishing Root Password Access (FIPS Mode)
  4. Initiate zeroize operation to change the Junos OS in to FIPS mode.
    Note

    The configuration set system fips level 1 is automatically configured when FIPS transition is completed.