FAQ

Do ProxySG products support FIPS mode?

FAQ ID:    FAQ1865
Version:    1.0
Status:    Published
Published date:    01/27/2012
 

Answer

Starting with SGOS 5.3, the Blue Coat ProxySG supports Federal Information Processing Standards (FIPS) mode.
When FIPS mode is active, the system operates in accordance with FIPS 140-2 requirements. In this mode, the ProxySG loads the Management Console over a TLSv1-secured connection only.
If the browser uses JRE 1.5 or earlier, you must explicitly enable TLSv1. With JRE 1.6, TLSv1 is enabled by default. Versions of Internet Explorer before IE7 do not have TLSv1 support enabled by default; you must select "Enable TLS 1.0" in IE's advanced security options. With IE7, TLSv1 support is enabled by default.

To check whether the currently installed SGOS versions are FIPS capable, use the CLI:

10.91.22.2 - Blue Coat SG210 Series#(config installed-systems)view
ProxySG Appliance Systems
1. Version: SGOS 6.3.1.1, Release ID: 78243
   Wednesday November 30 2011 22:22:51 UTC,
   Attributes: Signed, FIPS capable
   Boot Status: Last boot succeeded, Last Successful Boot: Wednesday January 18 2012 14:26:10 UTC
   Disk Layout: Compatible
2. Version: SGOS 6.2.5.1, Release ID: 76459
   Thursday October 13 2011 22:03:24 UTC,
   Attributes: Signed, FIPS capable
   Boot Status: Last boot succeeded, Last Successful Boot: Friday December 16 2011 08:47:09 UTC
   Disk Layout: Compatible
3. Version: SGOS 6.1.5.2, Release ID: 74797
   Thursday August 18 2011 06:38:46 UTC,
   Attributes: Signed, FIPS capable
   Boot Status: Last boot succeeded, Last Successful Boot: Friday December 16 2011 09:16:10 UTC
   Disk Layout: Compatible
4. Version: SGOS 5.5.6.2, Release ID: 71837
   Thursday June 30 2011 00:57:59 UTC,
   Attributes: FIPS capable
   Boot Status: Last boot succeeded, Last Successful Boot: Wednesday January 18 2012 14:24:10 UTC
   Disk Layout: Compatible
5. Version: SGOS 4.3.4.1, Release ID: 52168
   Thursday November 25 2010 06:54:02 UTC,
   Attributes: None
   Boot Status: Last boot succeeded, Last Successful Boot: Wednesday January 18 2012 11:43:56 UTC
   Disk Layout: Compatible
Default system to run on next hardware restart: 1
System to replace next: 5
Current running system: 1
Enforce signed: Disabled
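
When several appliances have to be checked, the listing above can be parsed instead of read by eye. The following Python is an added example, not Blue Coat code: it parses text in the format of the "view" output and reports whether the running and next-boot images carry the "FIPS capable" attribute, which images lack "Signed", and whether "Enforce signed" is Disabled. The function names, the constructed sample input and the choice of what to report are assumptions made for illustration.

```python
import re

# Constructed sample in the format of the "view" output shown above.
SAMPLE = """\
ProxySG Appliance Systems
1. Version: SGOS 6.3.1.1, Release ID: 78243
   Wednesday November 30 2011 22:22:51 UTC,
   Attributes: Signed, FIPS capable
2. Version: SGOS 5.5.6.2, Release ID: 71837
   Attributes: FIPS capable
3. Version: SGOS 4.3.4.1, Release ID: 52168
   Attributes: None
Default system to run on next hardware restart: 3
Current running system: 1
Enforce signed: Disabled
"""

SLOT = re.compile(r"^(\d+)\.\s+Version:\s+SGOS\s+([\d.]+),\s+Release ID:\s+(\d+)")
SETTING = re.compile(r"^(Default system to run on next hardware restart|"
                     r"Current running system|Enforce signed):\s*(\S+)")

def parse_installed_systems(text):
    """Return ({slot: {version, release, attributes}}, {setting: value})."""
    systems, settings, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SLOT.match(line):
            current = int(m.group(1))
            systems[current] = {"version": m.group(2), "release": m.group(3), "attributes": set()}
        elif line.startswith("Attributes:") and current is not None:
            attrs = [a.strip() for a in line.split(":", 1)[1].split(",")]
            systems[current]["attributes"] = {a for a in attrs if a and a != "None"}
        elif m := SETTING.match(line):
            settings[m.group(1)] = m.group(2)
    return systems, settings

def audit(text):
    """Report images and settings to review (illustrative policy, an assumption)."""
    systems, settings = parse_installed_systems(text)
    findings = []
    for key in ("Current running system", "Default system to run on next hardware restart"):
        slot = int(settings.get(key, 0))  # 0 = setting missing, no such slot
        if "FIPS capable" not in systems.get(slot, {}).get("attributes", ()):
            findings.append(f"{key}: slot {slot} is not FIPS capable")
    findings += [f"slot {n} (SGOS {s['version']}) is unsigned"
                 for n, s in sorted(systems.items()) if "Signed" not in s["attributes"]]
    if settings.get("Enforce signed") == "Disabled":
        findings.append("Enforce signed: Disabled")
    return findings
```

Calling audit() on text captured from the appliance returns a list of strings; an empty list means none of the reported conditions were found.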

 

FIPS mode can be enabled and disabled only from the command line interface over the serial console, not from SSH or from the Management Console.
When you enable or disable FIPS mode, the ProxySG reinitializes and reboots, and will be out of service for up to several minutes. When FIPS mode is enabled, serial access must be protected by a password.

 

Use these commands from the CLI to enable and disable FIPS mode:
# fips-mode enable
# fips-mode disable

 

Press "enter" three times to activate the serial console
       Welcome to the SG Appliance Serial Console

         Version: SGOS 6.3.1.1, Release id: 78243

------------------------- MENU -----------------------------

1) Command Line Interface
2) Setup Console

------------------------------------------------------------

Enter option:
Welcome to the SG Appliance command line interface

Type "exit" at the main prompt to quit


10.91.22.2 - Blue Coat SG210 Series>en
Enable Password:
10.91.22.2 - Blue Coat SG210 Series#fips-mode ?
 disable                      Disable FIPS mode
 enable                       Enable FIPS mode

10.91.22.2 - Blue Coat SG210 Series#fips-mode enable
WARNING:
        FIPS mode enable will result in loss of access log,
        event log and configuration information.
        The SG Appliance will also be forced to restart.
        After the restart, further configuration will have to be
        done while physically situated at the SG Appliance.
        Proceed with extreme caution.
Continue with system re-initialization? (y/n)[n]: Y
Re-initializing system, please wait...
Clearing security information....


Waiting for disk activity to cease
This system is in FIPS mode

Starting initialization of machine.
This may take a while, please be patient.
System initialized.


Press "enter" three times to activate the serial console