Cisco Web Security Appliance S670 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
 
Chapter 26: System Administration
FIPS Certificate Requirements
FIPS Mode requires a certificate that meets these requirements:

| Certificate | Algorithm | Bit Key Size | Signature Algorithm | Notes |
|---|---|---|---|---|
| X509 | RSA | 1024 | sha1WithRSAEncryption | For best decryption performance and sufficient security, Cisco recommends a bit key size of 1024. |
| X509 | RSA | 2048, 3072 or 4096 | sha1WithRSAEncryption | Bit sizes larger than 1024 will increase security, but impact decryption performance. |
| X509 | DSA | 1024 | dsaWithSHA1 | For best decryption performance and sufficient security, Cisco recommends a bit key size of 1024. |

Entering and Exiting FIPS Mode
Before You Begin
  • Be aware that both entering and exiting FIPS mode initiate a reboot of the appliance.
  • Ensure the certificates to be used in FIPS mode use FIPS 140-2 approved public key algorithms.
  • Log in to an administrator account.
Web Interface
Step 1  On the System Administration > FIPS Mode page, click Edit Settings.
Step 2  [Select | Deselect] Enable FIPS Level 1 Compliance.
Step 3  Click Submit.
Step 4  Click Continue to allow the appliance to reboot.
Command Line Interface

| Command | Subcommand | Description |
|---|---|---|
| fipsconfig | setup | Enter and exit FIPS mode. |

System Date and Time Management
Your Web Security appliance can track the current date and time by querying a Network Time Protocol (NTP) server, or you can manually set the system date and time. The system date and time reflects the time zone, which you can set either by GMT offset or by global region, country, and then local time zone.
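Because entering FIPS mode reboots the appliance, a certificate can be checked against the FIPS Certificate Requirements table beforehand. The following is an added example, not part of the Cisco guide: it assumes the certificate has been dumped to text with `openssl x509 -noout -text` (the guide names no tool), and the function name and sample inputs are constructed for illustration.

```python
import re

# Allowed combinations, transcribed from the FIPS Certificate Requirements table:
# public key algorithm -> (allowed key sizes in bits, required signature algorithm)
FIPS_TABLE = {
    "rsaEncryption": ({1024, 2048, 3072, 4096}, "sha1WithRSAEncryption"),
    "dsaEncryption": ({1024}, "dsaWithSHA1"),
}

def check_certificate(text):
    """Return a list of mismatches for `openssl x509 -noout -text` output."""
    alg = re.search(r"Public Key Algorithm:\s*(\S+)", text)
    bits = re.search(r"Public[- ]Key:\s*\((\d+) bit\)", text)
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    if not (alg and bits and sig):
        return ["could not read key algorithm, key size or signature algorithm"]
    if alg.group(1) not in FIPS_TABLE:
        return [f"key algorithm {alg.group(1)} is not in the table"]
    sizes, required_sig = FIPS_TABLE[alg.group(1)]
    problems = []
    if int(bits.group(1)) not in sizes:
        problems.append(f"{bits.group(1)}-bit key not listed for {alg.group(1)}")
    if sig.group(1) != required_sig:
        problems.append(f"signature {sig.group(1)}, table requires {required_sig}")
    return problems

# Constructed sample inputs (trimmed openssl text output, not real certificates).
SAMPLE_RSA = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Subject: CN=wsa.example.test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
"""
SAMPLE_DSA = """\
Certificate:
    Data:
        Signature Algorithm: dsa_with_SHA256
        Subject Public Key Info:
            Public Key Algorithm: dsaEncryption
                Public-Key: (2048 bit)
"""

if __name__ == "__main__":
    for name, text in (("rsa", SAMPLE_RSA), ("dsa", SAMPLE_DSA)):
        print(name, check_certificate(text) or "matches the table")
```

An empty list means the certificate matches a row of the table; each string in a non-empty list names one mismatch to resolve before submitting the FIPS Mode change.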