Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Unsupported Junos-FIPS Configuration Statements

The following configuration statements are not supported on Junos-FIPS:

Statement

Description

set system services { ftp | finger | telnet | web-management | xnm-clear-text | tftp}

Junos-FIPS does not allow an unencrypted or weakly encrypted or a connection that relies on a vulnerable key establishment protocol.

set system services ssh protocol-version

Junos-FIPS allows the SSHv2 setting only.

set system login password format { des | md5 }

You must encrypt administrator passwords using strong algorithms, such as Secure Hash Algorithm (sha-256 and sha-512).

set system ike policy policy name proposal-set

Junos-FIPS does not support preconfigured proposal sets. You must configure an IKE proposal explicitly.

set system ike proposal proposal name authentication-algorithm md5

set system ipsec proposal proposal name authentication-algorithm hmac-md5-96

Junos-FIPS does not support Message Digest 5 (MD5). However it does support (sha-256 and sha-384).

set system ike proposal proposal name encryption-algorithm des-cbc

set system ipsec proposal proposal name encryption-algorithm des-cbc

Junos-FIPS does not support Data Encryption Standard (DES). However it does support Advanced Encryption Standard (AES).

set system ike proposal proposal name protocol ah

Authentication Header (AH) protocol provides authentication but not encryption. Enhanced Security Protocol (ESP) is required.

set system ike proposal proposal name dh-group {group1 | group2}

Junos-FIPS does not support Diffie-Hellman (DH) groups 1 and 2. However, DH-groups 14, 19 and 20 are supported on Junos-FIPS.