Cisco Email Security Appliance C160 User Manual

Cisco AsyncOS 9.0 for Email User Guide
 
Chapter 27: FIPS Management
Procedure
mail.example.com> fipsconfig
FIPS mode is currently enabled.
Choose the operation you want to perform:
- SETUP - Configure FIPS mode.
- FIPSCHECK - Check for FIPS mode compliance.
[]> setup
To finalize FIPS mode, the appliance will reboot immediately. No commit will be required.
Are you sure you want to disable FIPS mode and reboot now ? [N]> n
Do you want to enable encryption of sensitive data in configuration file when FIPS mode is enabled? Changing the value will result in system reboot [N]> y
Enter the number of seconds to wait before forcibly closing connections.
[30]>
System rebooting.  Please wait while the queue is being closed...
Closing CLI connection.
Rebooting the system...
Checking FIPS Mode Compliance
Use the fipsconfig command to check if your appliance contains any non-FIPS-compliant objects.
Procedure
mail.example.com> fipsconfig
FIPS mode is currently disabled.
Choose the operation you want to perform:
- SETUP - Configure FIPS mode.
- FIPSCHECK - Check for FIPS mode compliance.
[]> fipscheck
All objects in the current configuration are FIPS compliant.
FIPS mode is currently disabled.
Managing Certificates and Keys
AsyncOS allows you to encrypt communications between the appliance and external machines by using 
a certificate and private key pair. You can upload an existing certificate and key pair, generate a 
self-signed certificate, or generate a Certificate Signing Request (CSR) to submit to a certificate 
authority to obtain a public certificate. The certificate authority will return a trusted public certificate 
signed by a private key that you can then upload onto the appliance.
When the appliance is in FIPS mode, you can continue to 
To keep the appliance FIPS compliant, FIPS mode adds a number of restrictions to the certificates that 
the appliance uses. Certificates must use one of the following signature 
algorithms: SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512.