You can enable and disable FIPS mode from the Infoblox CLI only. Do the following to set FIPS mode on the appliance:

  1. Log in to the Infoblox CLI using a superuser account.
  2. Enable FIPS mode using the following command:
    Infoblox > set fips_mode
  3. Reboot the appliance, connect to the serial console, and use the following command to check whether FIPS mode is enabled:
    Infoblox > show fips_mode
  4. Verify that the following files exist:
    • /infoblox/security/keys/integrity.key
    • /infoblox/security/keys/integrity.pem
    • /infoblox/security/sha256sum_bin.txt
    • /infoblox/security/sha256sum_bin.txt.sha256

For more information about the commands mentioned above, refer to the /wiki/spaces/NCG8/pages/22937962.

Upgrade the TOE only when FIPS mode is enabled. The security administrator can upgrade only to a validated release package. The security administrator can verify the TOE by the version number included in the file name, as well as through the administrative interface before and after the upgrade. Refer to the Release Notes of the NIOS version to which the TOE is upgrading for additional upgrade instructions.

To upgrade, create a .bin file from the given NIOS .bin file using the script /import/tools/qa/tools/bin/create_upgradeable_releases. When you execute this script, it creates three files; choose the file nios-<...>-nls.bin. To upgrade the TOE through Grid Manager, see Upgrading NIOS Software.

To revert the TOE to the previously running software, ensure that the FIPS mode is enabled. For more information, see Reverting the Grid to the Previously Running Software.

To disable FIPS mode, execute the following command: Infoblox > set fips_mode. You can verify that FIPS mode is disabled using the following command: Infoblox > show fips_mode. Ensure that the files /infoblox/security/sha256sum_bin.txt and /infoblox/security/sha256sum_bin.txt.sha256 are deleted.
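The file checks from step 4 of the enable procedure and from the disable procedure can be scripted. The following is an added example, not Infoblox code; it assumes shell access to the appliance filesystem (or a mounted copy of it), and the function name check_fips_files and its optional root argument are hypothetical.

```shell
#!/bin/sh
# Added example (not Infoblox code): check the FIPS file state this page describes.
# Usage: check_fips_files <enabled|disabled> [root]
# "root" is a hypothetical path prefix (default: empty) so the same check can run
# against a mounted image or a test directory. Shell access is an assumption.

# Files the page says must exist after FIPS mode is enabled.
FIPS_REQUIRED="/infoblox/security/keys/integrity.key
/infoblox/security/keys/integrity.pem
/infoblox/security/sha256sum_bin.txt
/infoblox/security/sha256sum_bin.txt.sha256"

# Files the page says must be deleted after FIPS mode is disabled.
FIPS_REMOVED="/infoblox/security/sha256sum_bin.txt
/infoblox/security/sha256sum_bin.txt.sha256"

check_fips_files() {
    state=$1
    root=${2:-}
    failures=0
    case $state in
        enabled)
            for f in $FIPS_REQUIRED; do
                # Require a regular file at each expected path.
                if [ ! -f "$root$f" ]; then
                    echo "MISSING: $root$f" >&2
                    failures=$((failures + 1))
                fi
            done ;;
        disabled)
            for f in $FIPS_REMOVED; do
                # Anything left at the path counts, including a dangling symlink.
                if [ -e "$root$f" ] || [ -L "$root$f" ]; then
                    echo "STILL PRESENT: $root$f" >&2
                    failures=$((failures + 1))
                fi
            done ;;
        *)
            echo "usage: check_fips_files <enabled|disabled> [root]" >&2
            return 2 ;;
    esac
    # Succeed only when every path is in the expected state.
    [ "$failures" -eq 0 ]
}
```

Run check_fips_files enabled after the reboot in step 3, and check_fips_files disabled after turning FIPS mode off; a non-zero exit status means at least one path is not in the state the procedure expects.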

To clear FIPS mode on an appliance, log in to the Infoblox CLI and execute the command: reset all.

The TOE reboots and goes through boot time self tests. If the test fails, the TOE goes into a loop and displays an error message on the serial console and the LCD. Otherwise, it displays the Login prompt after the self tests. Multi-Grid management is enabled as soon as Grid support becomes FIPS capable.

Note the following:

  • When you configure a Grid Master with a certain mode enabled (either CC or FIPS) and then configure a Grid member with a different mode, the member automatically takes the same mode as the Grid Master when you add it to the Grid. For example, if the Grid Master is in FIPS mode and the Grid member is in CC mode, the Grid member becomes FIPS enabled when you add it to the Grid.
  • Consider an HA Grid Master with a certain mode (either CC or FIPS) enabled in the active node. When you join a passive node to the HA Grid Master, it automatically takes the same mode as the active node. For example, if FIPS is enabled in the active node, the passive node also becomes FIPS enabled when you join it to the HA Grid Master, even though it was in CC mode earlier.
  • When the HA pair is enabled, you cannot enable or disable either the CC or FIPS mode on the active or passive nodes.

Infoblox suggests that you do the following for an HA pair:

  • Set either CC or FIPS mode on each node before building an HA pair.
  • Set both nodes of an HA pair to the same mode: CC mode, FIPS mode, or neither.

