Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    7.6.3
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.0
    6.0.4
    6.0.3
    6.0.1
    6.0.0

    system fips-cc

    system fips-cc

    Use this command to enable Federal Information Processing Standards-Common Criteria (FIPS-CC) mode. For information on compliance and certification, see also the FIPS 140-3 and Common Criteria Tech Note.

    This enhanced security mode is required by some organizations, but may not be appropriate for others. It is valid only if you have installed a FIPS-certified firmware build on supported hardware. For more information on FIPS, or to obtain a certified build, contact Fortinet Technical Support.

    When switching to FIPS mode, you will be prompted to confirm, and must log in again.

    To disable FIPS mode, restore the firmware default configuration using factoryreset.

    Back up the configuration before enabling FIPS mode. When you enable or disable FIPS-CC mode, all of the existing configuration is lost. For more information on making a complete backup, see the FortiMail Administration Guide.

    Syntax

    config system fips-cc

    set status {disable | fips-ciphers}

    set entropy-token {enable | disable | dynamic}

    set reseed-interval <minutes_int>

    end

    Variable

    Description

    Default
    entropy-token {enable | disable | dynamic} Select the entropy token presence during random number generator (RNG) seeding. dynamic
    reseed-interval <minutes_int> Enter the time interval in minutes to reseed the RNG. The valid range is from 0 to 1440 (24 hours). 1440
    status {disable | fips-ciphers}

    Enable or disable FIPS mode.

    When set to fips-ciphers, only a restricted set of ciphers are allowed for features requiring encryption such as SSL, TLS, and HTTPS. Other less secure protocols such as Telnet, TFTP, and HTTP access to the cloud FortiMail VM are not allowed.

    		 disable

    Related topics

    profile encryption

    system global

    system security crypto

    fips kat

    log dummy-log

    restore image

    Previous
    Next

    system fips-cc

    system fips-cc

    Use this command to enable Federal Information Processing Standards-Common Criteria (FIPS-CC) mode. For information on compliance and certification, see also the FIPS 140-3 and Common Criteria Tech Note.

    This enhanced security mode is required by some organizations, but may not be appropriate for others. It is valid only if you have installed a FIPS-certified firmware build on supported hardware. For more information on FIPS, or to obtain a certified build, contact Fortinet Technical Support.

    When switching to FIPS mode, you will be prompted to confirm, and must log in again.

    To disable FIPS mode, restore the firmware default configuration using factoryreset.

    Back up the configuration before enabling FIPS mode. When you enable or disable FIPS-CC mode, all of the existing configuration is lost. For more information on making a complete backup, see the FortiMail Administration Guide.

    Syntax

    config system fips-cc

    set status {disable | fips-ciphers}

    set entropy-token {enable | disable | dynamic}

    set reseed-interval <minutes_int>

    end

    Variable

    Description

    Default
    entropy-token {enable | disable | dynamic} Select the entropy token presence during random number generator (RNG) seeding. dynamic
    reseed-interval <minutes_int> Enter the time interval in minutes to reseed the RNG. The valid range is from 0 to 1440 (24 hours). 1440
    status {disable | fips-ciphers}

    Enable or disable FIPS mode.

    When set to fips-ciphers, only a restricted set of ciphers are allowed for features requiring encryption such as SSL, TLS, and HTTPS. Other less secure protocols such as Telnet, TFTP, and HTTP access to the cloud FortiMail VM are not allowed.

    		 disable

    Related topics

    profile encryption

    system global

    system security crypto

    fips kat

    log dummy-log

    restore image

    Previous
    Next