Check the SMC Appliance self-tests
The SMC Appliance contains several modules that run self-tests when the SMC Appliance starts.
Known answer tests (KAT) and pairwise consistency tests (PCT) are run.
| Algorithm | Type |
|---|---|
| Software integrity | HMAC-SHA-256 |
| AES | KAT |
| CCM | KAT |
| AES-CMAC | KAT |
| FFC KAS | KAT |
| DRBG | KAT, Continuous, Health Checks |
| DSA | KAT, PCT |
| ECDSA | KAT, PCT |
| GCM/GMAC | KAT |
| HMAC | KAT |
| ECC KAS | KAT |
| SP 800-108 KBKDF | KAT |
| RSA | KAT, PCT |
| SHS | KAT |
| TDES | KAT |
| TDES-CMAC | KAT |
| Extendable-Output functions (XOF) | KAT |
| Key Wrapping Using RSA | KAT |
| Key Transport Using RSA | KAT |
| NDRNG | Continuous |
| DH | PCT |
| ECDH/ECCDH | PCT |
| Algorithm | Type |
|---|---|
| Software integrity | HMAC-SHA-256 |
| HMAC | KAT |
| AES | KAT |
| AES CCM | KAT |
| AES GCM | KAT |
| AES XTS | KAT |
| AES CMAC | KAT |
| TDES | KAT |
| TDES CMAC | KAT |
| RSA | KAT, PCT |
| DSA | KAT, PCT |
| ECDSA | KAT, PCT |
| DRBG | KAT, Continuous |
| Diffie-Hellman | KAT |
| EC Diffie-Hellman | KAT |
| SHA1 | KAT |
| SHA2 | KAT |
| SHA3 | KAT |
| KBKDF | KAT |
| PBKDF2 | KAT |
| Algorithm | Type |
|---|---|
| AES | KAT |
| TDES | KAT |
| DSA | KAT |
| ECDSA | KAT |
| RSA | KAT |
| SHS | KAT |
| HMAC | KAT |
| DRBG | KAT |
| Software integrity | DSA signature verification |
Check the self-test results in the console.
- If the Bouncy Castle FIPS Java API cryptographic module self-test fails, the server application fails to start and an error message is shown on the console. The error message is also sent to
SMC Appliance syslog.
Starting Forcepoint NGFW Management Server: [FAILED] SMC: Cryptographic self-tests failed. Try restarting the server Starting Forcepoint NGFW Log Server: [FAILED] SMC: Cryptographic self-tests failed. Try restarting the server - If a power-up self-test fails, an error message is shown on the console and the appliance turns off and is not remotely accessible.
fipstest: Performing FIPS OpenSSL crypto selftests… Fatal FIPS Error: fipstest:ERROR:FIPS OpenSSL crypto selftest failed: /lib/fips/fipstest-ossl: 1 - If the file system integrity check fails, an error message is shown on the console and the appliance turns off and is not remotely accessible.
fipscheck: Performing FIPS integrity check… Fatal FIPS Error: fipscheck:ERROR:FIPS check failed. /lib/fips/fipscheck: 1
Next steps
- If the self-tests succeed, continue configuring the SMC Appliance.
- If a self-test fails, and the SMC Appliance does not restart automatically, restart it manually.
- If a self-test continues to fail, reset the SMC Appliance to factory settings.