SV-228877r557387_rule
V-228877
SRG-NET-000510-ALG-000111
PANW-AG-000143
CAT II
10
Power off the device by unplugging it from the electrical outlet.
Connect a console cable from the console port to a computer serial port, and use a terminal program to connect to the Palo Alto Networks device.
The serial parameters are "9600 baud", "8 data bits", "no parity", and "1 stop bit".
A USB to serial adapter will be necessary if the computer does not have a serial port.
During the boot sequence, this message will appear:
Autoboot to default partition in 5 seconds.
Enter "maint" to boot to "maint" partition.
Enter "maint" to enter maintenance mode.
Press "Enter", and the "Maintenance Recovery tool" menu will appear.
Select "Set FIPS Mode" (or "fips-cc" for later versions) from the menu. Once the device has finished rebooting, it will be in FIPS mode.
Note: This will remove all installed licenses and disable the serial port.
If the Palo Alto Networks security platform is not used for TLS/SSL decryption, this is not applicable.
Use the command line interface to determine if the device is operating in FIPS mode. Enter the CLI command "show fips-mode" or, for more recent releases, "show fips-cc".
If FIPS mode is set to off, this is a finding.
False
M
4233