Black Box ET0100A, ET1000A Disabling Fips, Verifying Fips Status on the Etep, Operational Notes

ETEP Configuration

●Performs a software integrity test

●Clears pre-existing polices and keys, as described in Table 104.

●Generates a new self-signed certificate on the management interface

●Removes all externally signed certificates

●Resets passwords to the factory defaults

●Closes remote SSH client sessions

Table 104 Effects of clearing policies and keys when entering FIPS mode

Operational Notes

Entering FIPS mode may cause some delays when communicating with the ETEP.

●When the ETEP is rebooted with FIPS mode enabled, the ETEP does not become operational until

30-60 seconds after the login prompt is displayed. In the interim, attempts to communicate with the ETEP from ETEMS or the CLI result in error messages (attempting to access a locked shared resource or failure to create input stream). If you receive an error message, wait several seconds and retry.

●The Ethernet management interface uses FIPS-approved cipher and authentication algorithms for SSL and SSH connections. When operating in FIPS mode, it can take 30-60 seconds to establish an SSH session.

●If you used SSH to manage the ETEP prior to entering FIPS mode, you may not be able to establish an SSH session after FIPS is enabled. To correct this, clear the known host entry for your SSH client and retry.

Disabling FIPS

The ETEP performs the following actions when exiting FIPS mode:

●Existing policies continue to run until they are replaced or deleted.

●SSH is reset when FIPS is disabled, terminating the current session.

Verifying FIPS Status on the ETEP

You can verify that FIPS is enabled on the ETEP in the following two ways:

●In ETEMS, compare the ETEMS and ETEP configurations (Tools > Compare Config to Appliance).

●Log in to the CLI and issue one of the following commands: show running-configor show fips- mode.

Related topics:

● “Connecting Directly to an Appliance” on page 123