FIPS Security
Important: After FIPS is enabled, you must re-install any hotfixes previously installed for the current version of Content Gateway.
When FIPS mode is enabled:
- HTTPS connections use only TLSv1 or higher
- HTTPS connections use FIPS 140-2 approved algorithms
- Content Gateway generates SHA-256 certificates in response to origin server certificate requests
Warning: Once enabled, FIPS 140-2 mode cannot be disabled without reinstalling Content Gateway. If Content Gateway is on an appliance, the appliance must be reimaged.
Important: Due to a system limitation, FIPS 140-2 mode cannot be used with NTLM user authentication (IWA fallback to NTLM or Legacy NTLM).
For complete information, see FIPS 140-2 Mode.
Option | Description |
---|---|
FIPS Enable/Disable radio buttons | By default, Content Gateway is installed in non-FIPS 140-2 mode. To switch to FIPS 140-2 mode, select the Enabled radio button, click Apply, and restart Content Gateway. Warning: Once enabled, FIPS 140-2 mode cannot be disabled without reinstalling Content Gateway. For appliance installations, reinstallation requires reimaging the system. |