Check the SMC Appliance self-tests

The SMC Appliance contains several modules that run self-tests when the SMC Appliance starts.

Known answer tests (KAT) and pairwise consistency tests (PCT) are run.

Table 1. Bouncy Castle FIPS Java API software module self-tests
Algorithm Type
Software integrity HMAC-SHA-256
AES KAT
CCM KAT
AES-CMAC KAT
FFC KAS KAT
DRBG KAT, Continuous, Health Checks
DSA KAT, PCT
ECDSA KAT, PCT
GCM/GMAC KAT
HMAC KAT
ECC KAS KAT
SP 800-108 KBKDF KAT
RSA KAT, PCT
SHS KAT
TDES KAT
TDES-CMAC KAT
Extendable-Output functions (XOF) KAT
Key Wrapping Using RSA KAT
Key Transport Using RSA KAT
NDRNG Continuous
DH PCT
ECDH/ECCDH PCT
Table 2. OpenSSL FIPS self-tests
Algorithm Type
Software integrity HMAC-SHA-256
HMAC KAT
AES KAT
AES CCM KAT
AES GCM KAT
AES XTS KAT
AES CMAC KAT
TDES KAT
TDES CMAC KAT
RSA KAT, PCT
DSA KAT, PCT
ECDSA KAT, PCT
DRBG KAT, Continuous
Diffie-Hellman KAT
EC Diffie-Hellman KAT
SHA1 KAT
SHA2 KAT
SHA3 KAT
KBKDF KAT
PBKDF2 KAT
Table 3. NSS Cryptographic Module self-tests
Algorithm Type
AES KAT
TDES KAT
DSA KAT
ECDSA KAT
RSA KAT
SHS KAT
HMAC KAT
DRBG KAT
Software integrity DSA signature verification

Check the self-test results in the console.

  • If the Bouncy Castle FIPS Java API cryptographic module self-test fails, the server application fails to start and an error message is shown on the console. The error message is also sent to SMC Appliance syslog.
    Starting Forcepoint NGFW Management Server:                    [FAILED]
    SMC: Cryptographic self-tests failed. Try restarting the server
    Starting Forcepoint NGFW Log Server:                           [FAILED]
    SMC: Cryptographic self-tests failed. Try restarting the server
  • If a power-up self-test fails, an error message is shown on the console and the appliance turns off and is not remotely accessible.
    fipstest: Performing FIPS OpenSSL crypto selftests…
    Fatal FIPS Error: fipstest:ERROR:FIPS OpenSSL crypto selftest failed: /lib/fips/fipstest-ossl: 1
  • If the file system integrity check fails, an error message is shown on the console and the appliance turns off and is not remotely accessible.
    fipscheck: Performing FIPS integrity check…
    Fatal FIPS Error: fipscheck:ERROR:FIPS check failed. /lib/fips/fipscheck: 1

Next steps

  • If the self-tests succeed, continue configuring the SMC Appliance.
  • If a self-test fails, and the SMC Appliance does not restart automatically, restart it manually.
  • If a self-test continues to fail, reset the SMC Appliance to factory settings.