Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Unsupported Junos-FIPS Configuration Statements

The following configuration statements are not supported on Junos-FIPS:

Statement

Description

set system services { ftp | finger | telnet | web-management | xnm-clear-text | tftp}

Junos-FIPS does not allow an unencrypted or weakly encrypted or a connection that relies on a vulnerable key establishment protocol.

set system services ssh protocol-version

Junos-FIPS allows the SSHv2 setting only.

set system login password format { des | md5 }

You must encrypt administrator passwords using strong algorithms, such as Secure Hash Algorithm (sha-256 and sha-512).

set system ike policy policy name proposal-set

Junos-FIPS does not support preconfigured proposal sets. You must configure an IKE proposal explicitly.

set system ike proposal proposal name authentication-algorithm md5

set system ipsec proposal proposal name authentication-algorithm hmac-md5-96

Junos-FIPS does not support Message Digest 5 (MD5). However it does support (sha-256 and sha-384).

set system ike proposal proposal name encryption-algorithm des-cbc

set system ipsec proposal proposal name encryption-algorithm des-cbc

Junos-FIPS does not support Data Encryption Standard (DES). However it does support Advanced Encryption Standard (AES) .

set system ike proposal proposal name protocol ah

Authentication Header (AH) protocol provides authentication but not encryption. Enhanced Security Protocol (ESP) is required.

set system ike proposal proposal name dh-group {group1 | group2}

Junos-FIPS does not support Diffie-Hellman (DH) groups 1 and 2. However, DH-group 14 and higher are supported on Junos-FIPS.

Related Documentation