Enable FIPS mode

You can enable your device to be Federal Information Processing Standard (FIPS) 140-2 compliant.

With FIPS 140-2 compliance, only FIPS 140-2 cipher and MAC algorithms are available. As a result, features like stunnel, ssh, and openvpn are limited in what they can use. For example, in FIPS mode ssh will only offer and negotiate AES-based ciphers.

When the FIPS setting is changed, the device will reboot automatically. Disabling FIPS after it has been enabled will cause the current configuration to be erased.

 

  Web

  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights.
  2. Access the device configuration:

  3. Expand System.
  4. Click to enable FIPS.

  5. Click Apply to save the configuration and apply the change.
  6. Click System > Reboot to reboot the device.

  Command line

  1. Select the device in Remote Manager and click Actions > Open Console, or log into the TX64 local command line as a user with full Admin access rights.

    Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  2. Enable FIPS:
    (config)> system fips true
    >
  3. Save the change:

    (config)> save
    >

  4. Reboot the device:
    > reboot
    >
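
One way to check the ssh behaviour described above once the device has rebooted, as an added example that is not part of the Digi documentation: the function reads OpenSSH client `ssh -vv` debug output and reports any cipher in the server's proposal that is not AES-based. It assumes the OpenSSH debug line format and treats cipher names beginning with `aes` as AES-based; the sample logs and the `<device-address>` placeholder are constructed.

```shell
#!/bin/sh
# Added example (not from the Digi documentation).
# Usage against a real device (placeholder address):
#   ssh -vv admin@<device-address> exit 2>&1 | check_fips_ciphers
# Returns 0 if every cipher the server offers is AES-based, 1 if not,
# 2 if the input holds no server proposal (e.g. the connection failed).
check_fips_ciphers() {
    awk '
        { gsub(/\r/, "") }                       # tolerate CRLF captures
        # Only the peer (server) proposal matters, not what the client offers.
        /local client KEXINIT proposal/ { in_peer = 0 }
        /peer server KEXINIT proposal/  { in_peer = 1 }
        in_peer && /ciphers (ctos|stoc):/ {
            found = 1
            sub(/^.*ciphers (ctos|stoc): */, "")
            n = split($0, c, ",")
            for (i = 1; i <= n; i++)
                if (c[i] != "" && c[i] !~ /^aes/ && !seen[c[i]]++) {
                    print "non-AES cipher offered: " c[i]
                    bad = 1
                }
        }
        END {
            if (!found) { print "no server cipher proposal in input"; exit 2 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample: ssh -vv excerpt against a server in FIPS mode.
sample_fips='debug2: local client KEXINIT proposal
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr
debug2: peer server KEXINIT proposal
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes256-gcm@openssh.com
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes256-gcm@openssh.com'

# Constructed sample: ssh -vv excerpt against a server that is not in FIPS mode.
sample_nonfips='debug2: peer server KEXINIT proposal
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr'

printf '%s\n' "$sample_fips" | check_fips_ciphers && echo "FIPS sample: only AES ciphers offered"
printf '%s\n' "$sample_nonfips" | check_fips_ciphers || echo "non-FIPS sample: check failed as expected"
```

The key exchange proposal is sent before authentication, so the check works even if the login itself is refused.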