Understanding Device Configurations Running ScreenOS 5.4 FIPS and Later Overview
The following features are disabled on security devices running the Federal Information Processing Standards (FIPS) certified release of ScreenOS (ScreenOS 5.4 FIPS):
Group 5 Phase 2 IKE proposals
For more information about FIPS-enabled security devices, refer to the ScreenOS 5.0 FIPS Reference Note.
To configure and manage security devices running ScreenOS 5.0 FIPS using NSM, you must first configure a VPN tunnel between the device and the NSM GUI server. After establishing this tunnel, you cannot reconfigure tunnel parameters in NSM.
About Configuring Devices Running Future Releases of ScreenOS
You can use NSM to configure security devices running future releases of ScreenOS in one of three levels of support:
Forward Support (Basic)—When a new version of ScreenOS is available, you can download a schema patch that includes changes to the DCF and schema files, as well as the firmware tables, enabling you to manage devices using a previously known version of ScreenOS.
Forward Support (Blended)—When a new version of ScreenOS is available, you can download a schema patch, enabling you to manage devices using the new ScreenOS version. You cannot, however, manage the new features in ScreenOS with this level of support.
Full Support—When a new version of ScreenOS is available, you can download a schema patch, enabling you to manage devices using the new ScreenOS version. In addition, you can manage all the new features in that version of ScreenOS.
The support level is indicated in the Information screen for the device in the Device Manager.