• SonicOS 7.1
• About SonicOS
  • Working with SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• About Device Settings
• Managing SonicWall Licenses
  • Licenses
  • Managing Security Services
    • Services Summary
    • Managing Security Services Online
      • Managing Services from SonicOS Management Interface
      • Synchronizing Changes
    • Manual Upgrade for Closed Environments
  • Registering Your SonicWall Appliance
  • Activating the Gateway Anti-Virus, Anti-Spyware, and IPS License
  • Activating FREE TRIALs
• System Administration
  • Configuring the Firewall Name
  • Enabling Wireless LAN and IPv6
  • Changing the Administrator Name and Password
  • Configuring Login Security
    • Configuring Password Compliance
    • Configuring Login Constraints
  • Multiple Administrators Support
    • Working of Multiple Administrators Support
      • Configuration Modes
      • User Groups
      • Priority for Preempting Administrators
      • GMS and Multiple Administrator Support
    • Configuring Multiple Administrator Access
  • Enabling Enhanced Audit Logging Support
  • Configuring the Wireless LAN Controller
  • Enabling SonicOS API and Configuring Authentication Methods
  • Enabling GMS Management
  • Configuring the Management Interface
    • Managing through HTTP/HTTPS
    • Selecting a Security Certificate
    • Controlling the Management Interface Tables
    • Enforcing TLS Version
    • Switching Configuration Modes
    • Deleting Browser Cookies
    • Configuring SSH Management
  • Client Certificate Verification
    • About Common Access Card
    • Configuring Client Certificate Verification
    • Using the Client Certificate Check
    • Checking Certificate Expiration
    • Troubleshooting User Lock Out
  • Selecting a Language
• Configuring Time Settings
  • Setting System Time
  • Configuring NTP Settings
    • Using a Custom NTP Server for Updating the Firewall Clock
    • Adding an NTP Server
    • Editing an NTP Server Entry
    • Deleting NTP Server Entry
• Managing Certificates
  • About Digital Certificates
  • About the Certificates Table
  • About Certificate Details
  • Importing Certificates
    • Importing a Local Certificate
    • Importing a Certificate Authority Certificate
    • Creating a PKCS-12 Formatted Certificate File (Linux Systems Only)
  • Deleting Certificates
  • Generating a Certificate Signing Request
  • Configuring Simple Certificate Enrollment Protocol
• Administering SNMP
  • About SNMP
  • Setting Up SNMP Access
    • Enabling and Configuring SNMP Access
      • Configuring Basic Functionality
      • Configuring SNMPv3 Engine IDs
      • Configuring Object IDs for SNMPv3 Views
    • Setting Up SNMPv3 Groups and Access
      • Creating Groups and Adding Users and Access
        • Creating a Group
        • Adding Access
        • Adding Users
  • Configuring SNMP as a Service and Adding Rules
• Firmware Settings
  • Firmware Management and Backup
    • Firmware Management & Backup Tables
      • Local Table
      • Cloud Table
      • Show Configuration Files Table
    • Searching the Table
  • Creating a Backup Firmware Image
    • Creating a Local Backup Firmware Image
    • Creating a Cloud Backup Firmware Image
    • Scheduling Firmware Image Backups
      • Scheduling a One-Time Backup
      • Scheduling Recurring Backups
      • Deleting Scheduled Backups
  • Updating Firmware
    • Updating Firmware Manually
    • Firmware Auto Update
    • Using SafeMode to Upgrade Firmware
  • Importing and Exporting Settings
    • Importing Settings
    • Exporting Settings
  • Configuring Firmware and Backup Settings
    • Send Settings or Reports by FTP
    • Sending Diagnostic Reports to Technical Support
    • Boot Settings
    • One-Touch Configuration Overrides
    • Enabling FIPS Mode
    • Enabling NDPP mode
• Storage
  • Storage Overview Tab
    • Diagnostics Data
    • Configuration Backup
    • System Logs
    • Threat Logs
    • Packet Captures
    • Logs (Legacy)
• Restarting the System
• SonicWall Support
  • About This Document

Enabling FIPS Mode

When operating in FIPS (Federal Information Processing Standard) Mode, the SonicWall security appliances support FIPS 140-2 Compliant security. Among the FIPS-compliant features of the son include PRNG-based on SHA-1 and support of only FIPS-approved algorithms (DES, 3DES, and AES with SHA-1).

To enable FIPs and see a list of which of your current configurations are not allowed or are not present

The Enable FIPS Mode option cannot be enabled at the same time as the Enable NDPP Mode option, which is also on the Firmware and Settings > Settings dialog.

1. Navigate to Device | Settings > Firmware and Settings.
2. Click Settings.
3. Click FIPS/NDPP.

4. Enable the Enable FIPS Mode option.

   

5. Click OK.

   The FIPS Mode SETTING COMPLIANCE CHECKLIST dialog appears with a list of your required and not allowed configurations.

   

6. If your SonicWall appliance:
   • Complies with the checklist, go to Step 7.

   • Does not comply with the checklist, manually change or disable settings to be compliant with FIPS mode setting compliance checklist.

     Leave the checklist dialog open while you make the configuration changes. If you click OK before all required changes are complete, the Enable FIPS Mode checkbox is cleared automatically upon closing the verification dialog. Select the checkbox again to see what configuration changes are still needed for FIPS compliance.

7. Click OK to reboot the security appliance in FIPS mode. A second warning displays.

8. Click Yes to continue rebooting. To return to normal operation, clear the Enable FIPS Mode checkbox and reboot the firewall in non-FIPS mode.

   When using the SonicWall security appliance for FIPS-compliant operation, the tamper-evident sticker that is affixed to the SonicWall security appliance must remain in place and untouched.