Black Box ET0010A User Manual
ETEP Configuration
332
EncrypTight User Guide
●
Performs a software integrity test
●
Clears pre-existing polices and keys, as described in
●
Generates a new self-signed certificate on the management interface
●
Removes all externally signed certificates
●
Resets passwords to the factory defaults
●
Closes remote SSH client sessions
Operational Notes
Entering FIPS mode may cause some delays when communicating with the ETEP.
●
When the ETEP is rebooted with FIPS mode enabled, the ETEP does not become operational until
30-60 seconds after the login prompt is displayed. In the interim, attempts to communicate with the
ETEP from ETEMS or the CLI result in error messages (attempting to access a locked shared
resource or failure to create input stream). If you receive an error message, wait several seconds and
retry.
30-60 seconds after the login prompt is displayed. In the interim, attempts to communicate with the
ETEP from ETEMS or the CLI result in error messages (attempting to access a locked shared
resource or failure to create input stream). If you receive an error message, wait several seconds and
retry.
●
The Ethernet management interface uses FIPS-approved cipher and authentication algorithms for SSL
and SSH connections. When operating in FIPS mode, it can take 30-60 seconds to establish an SSH
session.
and SSH connections. When operating in FIPS mode, it can take 30-60 seconds to establish an SSH
session.
●
If you used SSH to manage the ETEP prior to entering FIPS mode, you may not be able to establish
an SSH session after FIPS is enabled. To correct this, clear the known host entry for your SSH client
and retry.
an SSH session after FIPS is enabled. To correct this, clear the known host entry for your SSH client
and retry.
Disabling FIPS
The ETEP performs the following actions when exiting FIPS mode:
●
Existing policies continue to run until they are replaced or deleted.
●
SSH is reset when FIPS is disabled, terminating the current session.
Verifying FIPS Status on the ETEP
You can verify that FIPS is enabled on the ETEP in the following two ways:
●
In ETEMS, compare the ETEMS and ETEP configurations (Tools > Compare Config to Appliance).
●
Log in to the CLI and issue one of the following commands: show running-config or show fips-
mode.
mode.
Related topics:
●
Table 104 Effects of clearing policies and keys when entering FIPS mode
Policy Type
Action upon entering FIPS mode
Distributed key policies
Traffic passes in the clear until new encryption policies are
created and deployed to the ETEP.
Point-to-point Layer 2 policies
Keys are automatically renegotiated. Traffic is discarded in the
interim.
Management port policies
Keys are automatically renegotiated. Traffic is discarded in the
interim.