
You can enable and disable FIPS mode from the Infoblox serial console only. Do the following to set FIPS mode on the appliance:

Connect to the serial console using the following command:

/import/lab/bin/console_connect -H host_name

Enable FIPS mode using the following command:

Infoblox > set fips_mode

Reboot the appliance, connect to the serial console and use the following command to check if the FIPS mode is enabled:

Infoblox > show fips_mode

Verify that the following files exist at the paths shown:

/infoblox/security/keys/integrity.key

/infoblox/security/keys/integrity.pem

/infoblox/security/sha256sum_bin.txt

/infoblox/security/sha256sum_bin.txt.sha256

Upgrade the TOE only when the FIPS mode is enabled. The security administrator will be able to upgrade to a validated release package only. The security administrator can verify the TOE by the version number included in the file name as well as through the administrative interface before and after the upgrade. Refer to the Release Notes of the NIOS version to which the TOE is upgrading for additional upgrade instructions. To upgrade, create a .bin file using the script /import/tools/qa/tools/bin/create_upgradeable_releases from the given NIOS .bin file. When you execute this script, it creates three files, and you must choose the file nios-<...>-nls.bin. To upgrade the TOE through Grid Manager, see Upgrading NIOS Software on page 553.

To revert the TOE to the previously running software, ensure that the FIPS mode is enabled. For more information, see Reverting the Grid to the Previously Running Software on page 565.

To disable FIPS mode, execute the following command: Infoblox > set fips_mode. You can verify that the FIPS mode is disabled using the following command: Infoblox > show fips_mode. Ensure that the files /infoblox/security/sha256sum_bin.txt and /infoblox/security/sha256sum_bin.txt.sha256 are deleted.
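The two file checks described above (all four files present after enabling FIPS mode, the two sha256sum files deleted after disabling it) can be scripted. This is an added example, not Infoblox code: it assumes a shell with read access to the appliance filesystem, and the function name check_fips_files and its optional root-prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example, not part of NIOS. Checks the file state this page describes.
# Assumption: the paths below are readable from the shell you run this in.
# The optional ROOT prefix (hypothetical) lets you test against a copied tree.

# Key files the page lists as present once FIPS mode is enabled.
FIPS_KEY_FILES="/infoblox/security/keys/integrity.key
/infoblox/security/keys/integrity.pem"
# Checksum files: present when enabled, deleted when disabled.
FIPS_SUM_FILES="/infoblox/security/sha256sum_bin.txt
/infoblox/security/sha256sum_bin.txt.sha256"

# check_fips_files MODE [ROOT]
#   MODE is "enabled" or "disabled".
#   Returns 0 if the file state matches the page, 1 on mismatch, 2 on bad usage.
check_fips_files() {
    mode=$1
    root=${2:-}
    rc=0
    case $mode in
        enabled)
            # All four files must exist as regular files.
            for f in $FIPS_KEY_FILES $FIPS_SUM_FILES; do
                if [ ! -f "$root$f" ]; then
                    echo "MISSING: $root$f" >&2
                    rc=1
                fi
            done
            ;;
        disabled)
            # Both checksum files must be gone.
            for f in $FIPS_SUM_FILES; do
                if [ -e "$root$f" ]; then
                    echo "STILL PRESENT: $root$f" >&2
                    rc=1
                fi
            done
            ;;
        *)
            echo "usage: check_fips_files enabled|disabled [root]" >&2
            return 2
            ;;
    esac
    return $rc
}
```

Run `check_fips_files enabled` after the reboot that follows enabling, and `check_fips_files disabled` after disabling; a non-zero exit status lists the offending paths on stderr.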

To clear FIPS mode on an appliance, log in to the Infoblox CLI and execute the command: reset all.

The TOE reboots and goes through boot time self tests. If the test fails, the TOE goes into a loop and displays an error message on the serial console and the LCD. Otherwise, it displays the Login prompt after the self tests. Multi-Grid management is enabled as soon as Grid support becomes FIPS capable.

