Use the NGFW Configuration Wizard to install the NGFW Engine in FIPS mode.
These steps are the high-level tasks. For complete installation instructions, see the Forcepoint Next Generation Firewall Installation Guide. Before upgrading, read the Forcepoint Next Generation Firewall Release Notes for the version you are upgrading to.
Note: NGFW appliances come with NGFW Engine software pre-installed. Before setting the NGFW Engine to use FIPS mode, upgrade the NGFW Engine software to the version that you want to
use.
Steps
-
Download the NGFW Engine software from https://support.forcepoint.com/Downloads, then validate the checksums.
Note: Save the NGFW Engine upgrade .zip file to the root directory of the USB drive or DVD media.
For information about
obtaining the installation files, see the
Forcepoint Next Generation Firewall Installation Guide.
-
Upgrade the NGFW Engine software to the version that you want to use.
-
In the NGFW Configuration Wizard, select Firewall/VPN as the role.
-
Select Upgrade.
-
In the Select Source Media dialog box, select the appropriate media type, then click OK.
The software update signature is verified.
-
Click OK.
The upgrade starts.
-
Select Set kernel in FIPS mode after reboot.
-
Click OK.
NGFW appliance restarts and displays
the upgraded version.
-
Configure the NGFW Engine with the NGFW Configuration Wizard.
Follow the normal process to define the
NGFW Engine properties, with these exceptions:
-
To verify FIPS-Approved mode of operation, verify that the following messages are shown on
the console when the NGFW appliance restarts:
FIPS: rootfs integrity check OK
This message confirms that the module's integrity test has been executed successfully.
FIPS power-up tests succeeded
This message confirms that the FIPS power-up self-tests have been executed successfully. If the power-up tests fail, a power-up test error message is shown and the module
restarts.