Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
Configuring a FIPS-enabled Firewall from Panorama - Knowledge Base - Palo Alto Networks

Configuring a FIPS-enabled Firewall from Panorama

18296
Created On 09/26/18 13:54 PM - Last Modified 06/12/23 08:36 AM


Resolution


Issue:

 

When attempting to restore a configuration to a FIPS enabled firewall from Panorama, FIPS related errors are displayed about encryption keys.

 

Resolution:

 

When configuring FIPS mode, the firewall will perform a factory reset to ensure that non-compliant FIPS configuration cannot occur on the device.  It is not possible to load a non -FIPS compliant configuration  onto a FIPS enabled device. When  pushng from Panorama to a FIPS enabled device IKE crypto errors are received because FIPS mode disables certain ciphers ( Group 2 in IKE/IPSec is one such cipher). Only Group 14 is allowed in this mode.  To ensure that a configuration is FIPS compliant, configure the device and save the config when it is already in FIPS mode.

 

owner:  swhyte



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClzCCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language