Cisco Web Security Appliance S680 User Guide
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 26 System Administration
FIPS Certificate Requirements
FIPS Mode requires a certificate that meets these requirements:
Entering and Exiting FIPS Mode
Before You Begin
• Be aware that both entering and exiting FIPS mode initiate a reboot of the appliance.
• Ensure the certificates to be used in FIPS mode use FIPS 140-2 approved public key algorithms.
• Log in to an administrator account.
Web Interface
Step 1  On the System Administration > FIPS Mode page, click Edit Settings.
Step 2  [Select | Deselect] Enable FIPS Level 1 Compliance.
Step 3  Click Submit.
Step 4  Click Continue to allow the appliance to reboot.
Command Line Interface
System Date and Time Management
Your Web Security appliance can track the current date and time by querying a Network Time Protocol (NTP) server, or you can manually set the system date and time. The system date and time reflects the time zone, which you can set either by GMT offset or by global region, country, and then local time zone.
Table: FIPS Mode certificate requirements

| Certificate | Algorithm | Bit Key Size | Signature Algorithm | Notes |
|---|---|---|---|---|
| X509 | RSA | 1024 | sha1WithRSAEncryption | For best decryption performance and sufficient security, Cisco recommends a bit key size of 1024. |
| | RSA | 2048, 3072 or 4096 | sha1WithRSAEncryption | Bit sizes larger than 1024 will increase security, but impact decryption performance. |
| | DSA | 1024 | dsaWithSHA1 | For best decryption performance and sufficient security, Cisco recommends a bit key size of 1024. |
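The three constraints in the certificate table (key algorithm, key size, signature algorithm) can be checked mechanically before a certificate is used in FIPS mode. The following is an added example, not Cisco's code: it reads text in the style of `openssl x509 -noout -text` output and compares it with the table above. `FIPS_TABLE` is transcribed from this page; the OpenSSL-name mapping, the function names and the sample text are assumptions constructed for illustration.

```python
import re

# Allowed combinations, transcribed from the FIPS certificate table on this page:
# (public key algorithm, signature algorithm) -> permitted key sizes in bits.
FIPS_TABLE = {
    ("RSA", "sha1WithRSAEncryption"): {1024, 2048, 3072, 4096},
    ("DSA", "dsaWithSHA1"): {1024},
}
# Assumed mapping from the names OpenSSL prints to the table's algorithm names.
KEY_ALG = {"rsaEncryption": "RSA", "dsaEncryption": "DSA"}


def parse_cert_text(text):
    """Extract (key algorithm, key bits, signature algorithm) from certificate text."""
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    alg = re.search(r"Public Key Algorithm:\s*(\S+)", text)
    bits = re.search(r"Public-Key:\s*\((\d+) bit\)", text)
    if not (sig and alg and bits):
        raise ValueError("certificate text is missing a required field")
    return KEY_ALG.get(alg.group(1), alg.group(1)), int(bits.group(1)), sig.group(1)


def check_fips_cert(text):
    """Return a list of problems; an empty list means the certificate fits the table."""
    key_alg, key_bits, sig_alg = parse_cert_text(text)
    sizes = FIPS_TABLE.get((key_alg, sig_alg))
    if sizes is None:
        return [f"{key_alg} key with {sig_alg} signature is not a listed combination"]
    if key_bits not in sizes:
        return [f"{key_bits}-bit {key_alg} key is not a listed size {sorted(sizes)}"]
    return []


def sample(sig_alg, key_alg, bits):
    # Constructed sample, trimmed to the lines the parser reads.
    return (
        "Certificate:\n    Data:\n"
        f"        Signature Algorithm: {sig_alg}\n"
        "        Subject Public Key Info:\n"
        f"            Public Key Algorithm: {key_alg}\n"
        f"                Public-Key: ({bits} bit)\n"
    )


if __name__ == "__main__":
    for args in [("sha1WithRSAEncryption", "rsaEncryption", 2048),
                 ("sha256WithRSAEncryption", "rsaEncryption", 2048),
                 ("dsaWithSHA1", "dsaEncryption", 2048)]:
        print(args, "->", check_fips_cert(sample(*args)) or "OK")
```
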
Table: Command Line Interface command for FIPS Mode

| Command | Subcommand | Description |
|---|---|---|
| fipsconfig | setup | Enter and exit FIPS mode. |