STIGQter: STIG Summary: Palo Alto Networks ALG Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Palo Alto Networks security platform that stores secret or private keys must use FIPS-approved key management technology and processes in the production and control of private/secret cryptographic keys.

DISA Rule

SV-228834r557387_rule

Vulnerability Number

V-228834

Group Title

SRG-NET-000062-ALG-000092

Rule Version

PANW-AG-000017

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To configure the Palo Alto Networks security platform to operate in FIPS mode:

Power off the device by unplugging it from the electrical outlet.

Connect a console cable from the console port to a computer serial port, and use a terminal program to connect to the Palo Alto Networks device.

The serial parameters are 9600 baud, 8 data bits, no parity, and 1 stop bit.

A USB-to-serial adapter will be necessary if the computer does not have a serial port.

During the boot sequence, this message will appear:

"Autoboot to default partition in 5 seconds".

Enter "maint" to boot to "maint" partition.

Enter "maint" to enter maintenance mode.

Press "Enter", and the "Maintenance Recovery tool" menu will appear.

Select "Set FIPS Mode" (or fips-cc for later versions) from the menu; once the device has finished rebooting, it will be in FIPS mode.

Note: This will remove all installed licenses and disable the serial port.

Check Contents

Use the command line interface to determine if the device is operating in FIPS mode.

If fips-mode or fips-cc is set to "off", this is a finding.
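When this check is run against many devices, the CLI output can be evaluated programmatically. The following is an added example, not part of the STIG or of PAN-OS; it assumes a "show system info"-style "key: value" listing containing a field named fips-mode or fips-cc-mode (the command name and the exact field names are assumptions), and it reports the result using checklist status values (Open, NotAFinding, Not_Reviewed).

```python
import re

# Constructed sample outputs in a "key: value" layout. The command that
# produces them and the field names are assumptions, not taken from the STIG.
SAMPLE_OUTPUT_OFF = """hostname: fw-edge-01
model: PA-3220
sw-version: 9.1.3
fips-mode: off
"""

SAMPLE_OUTPUT_ON = """hostname: fw-edge-02
sw-version: 10.0.1
fips-cc-mode: on
"""

SAMPLE_OUTPUT_MISSING = """hostname: fw-edge-03
sw-version: 8.1.0
"""

# Field names to look for, in order: older builds report fips-mode,
# later builds report the combined FIPS-CC mode (assumed spellings).
_FIPS_KEYS = ("fips-mode", "fips-cc-mode", "fips-cc")


def parse_key_values(output):
    """Parse 'key: value' lines into a dict with lower-cased keys and values."""
    fields = {}
    for line in output.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_-]+)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2).lower()
    return fields


def evaluate_fips_finding(output):
    """Apply the PANW-AG-000017 check to one device's CLI listing.

    'off' is a finding (Open); 'on' is NotAFinding; if no FIPS field is
    present the device must be reviewed manually (Not_Reviewed).
    """
    fields = parse_key_values(output)
    host = fields.get("hostname")
    for key in _FIPS_KEYS:
        if key in fields:
            value = fields[key]
            if value == "off":
                status = "Open"
            elif value == "on":
                status = "NotAFinding"
            else:
                status = "Not_Reviewed"
            return {"hostname": host, "key": key, "value": value, "status": status}
    return {"hostname": host, "key": None, "value": None, "status": "Not_Reviewed"}
```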

Vulnerability Number

V-228834

Documentable

False

Rule Version

PANW-AG-000017

Severity Override Guidance

Use the command line interface to determine if the device is operating in FIPS mode.

If fips-mode or fips-cc is set to "off", this is a finding.

Check Content Reference

M

Target Key

4233

Comments