Install the Secure SD-WAN Engine in FIPS mode

Use the Secure SD-WAN Configuration Wizard to install the Secure SD-WAN Engine in FIPS mode.

These steps are the high-level tasks. For complete installation instructions, see the Forcepoint FlexEdge Secure SD-WAN Installation Guide. Before upgrading, read the Forcepoint FlexEdge Secure SD-WAN Release Notes for the version you are upgrading to.

Note: Secure SD-WAN Engine appliances come with Secure SD-WAN Engine software pre-installed. Before setting the Secure SD-WAN Engine to use FIPS mode, upgrade the Secure SD-WAN Engine software to the version that you want to use.

Steps

  1. Download the Secure SD-WAN Engine software from https://⁠support.forcepoint.com/⁠Downloads, then validate the checksums.
    Note: Save the Secure SD-WAN Engine upgrade .zip file to the root directory of the USB drive or DVD media.
    For information about obtaining the installation files, see the Forcepoint FlexEdge Secure SD-WAN Installation Guide.
  2. Upgrade the Secure SD-WAN Engine software to the version that you want to use.
    1. In the Secure SD-WAN Configuration Wizard, select Firewall/VPN as the role.
    2. Select Upgrade.
    3. In the Select Source Media dialog box, select the appropriate media type, then click OK.
      The software update signature is verified.
    4. Click OK.
      The upgrade starts.
    5. Select Set kernel in FIPS mode after reboot.
    6. Click OK.
    Secure SD-WAN appliance restarts and displays the upgraded version.
  3. Configure the Secure SD-WAN Engine with the Secure SD-WAN Configuration Wizard.
    Follow the normal process to define the Secure SD-WAN Engine properties, with these exceptions:
    • Select FIPS-Compatible Operating Mode.

      This option enables the FIPS 140-2 cryptographic module.

    • (Optional) To use the cryptographic module updated for FIPS 140-3, select FIPS 140-3 Compatible Mode.
  4. To verify FIPS-Approved mode of operation, verify that the following messages are shown on the console when the Secure SD-WAN Engine appliance restarts:
    FIPS: rootfs integrity check OK

    This message confirms that the module's integrity test has been executed successfully.

    FIPS power-up tests succeeded

    This message confirms that the FIPS power-up self-tests have been executed successfully. If the power-up tests fail, a power-up test error message is shown and the module restarts.