FIPS Security

Configure > Security > FIPS

Important: After FIPS is enabled, you must re-install any hotfixes previously installed for the current version of Content Gateway.

When FIPS mode is enabled:

HTTPS connections use only TLSv1 or higher
HTTPS connections use FIPS 140-2 approved algorithms
Content Gateway generates SHA-256 certificates in response to origin server certificate requests

Warning: Once enabled, FIPS 140-2 mode cannot be disabled without reinstalling Content Gateway. If Content Gateway is on an appliance, the appliance must be reimaged.

Important: Due to a system limitation, FIPS 140-2 mode cannot be used with NTLM user authentication (IWA fallback to NTLM or Legacy NTLM).

For complete information, see FIPS 140-2 Mode.

Option	Description
FIPS Enable/Disable radio buttons	By default, Content Gateway is installed in non-FIPS 140-2 mode. To switch to FIPS 140-2 mode, select the Enabled radio button, click Apply, and restart Content Gateway. Warning: Once enabled, FIPS 140-2 mode cannot be disabled without reinstalling Content Gateway. For appliance installations, reinstallation requires reimaging the system.

Option

Description

FIPS Enable/Disable radio buttons

By default, Content Gateway is installed in non-FIPS 140-2 mode.

To switch to FIPS 140-2 mode, select the Enabled radio button, click Apply, and restart Content Gateway.

Warning: Once enabled, FIPS 140-2 mode cannot be disabled without reinstalling Content Gateway. For appliance installations, reinstallation requires reimaging the system.