Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Unsupported Junos-FIPS Configuration Statements

The following configuration statements are not supported on Junos-FIPS:

Statement

Description

set system services { ftp | finger | telnet | web-management | xnm-clear-text | tftp}

Junos-FIPS does not allow an unencrypted or weakly encrypted or a connection that relies on a vulnerable key establishment protocol.

set system services ssh protocol-version

Junos-FIPS allows the SSHv2 setting only.

set system login password format { des | md5 }

You must encrypt administrator passwords using strong algorithms, such as Secure Hash Algorithm (sha-256 and sha-512).

set security ike policy policy name proposal-set

Junos-FIPS does not support preconfigured proposal sets. You must configure an IKE proposal explicitly.

set security ike proposal proposal name authentication-algorithm md5

set security ipsec proposal proposal name authentication-algorithm hmac-md5-96

Junos-FIPS does not support Message Digest 5 (MD5). However it does support (sha-256 and sha-384).

set security ike proposal proposal name encryption-algorithm des-cbc

set security ipsec proposal proposal name encryption-algorithm des-cbc

Junos-FIPS does not support Data Encryption Standard (DES). However it does support Advanced Encryption Standard (AES) or 3DES.

set security ike proposal proposal name protocol ah

Authentication Header (AH) protocol provides authentication but not encryption. Enhanced Security Protocol (ESP) is required.

set security ike proposal proposal name dh-group {group1 | group2}

Junos-FIPS does not support Diffie-Hellman (DH) groups 1 and 2. However, DH-group 14 and higher are supported on Junos-FIPS.