FIPS 140-3 level 1

The Federal Information Processing Standard 140-3 (FIPS 140-3) is a United States government standard, published by NIST, that defines security requirements for cryptographic modules. Level 1 is the lowest of its four security levels: it requires approved algorithms running in a validated cryptographic module, but imposes no physical security requirements beyond production-grade components.

Supported installations

The firewall supports the FIPS mode on the following installations:

  • XGS Series hardware
  • Virtual machines (VMware vSphere, Hyper-V, KVM, Xen)
  • Cloud (AWS, Azure)

The firewall doesn't support the FIPS mode on the following installations:

  • Software
  • XG and SG Series hardware

FIPS-compliant algorithms

The following algorithms are available for VPN configurations on FIPS-compliant firewalls:

  • DH groups: 14, 15, 16, 17, 18, 19, 20, and 21
  • Encryption: AES256-CBC, AES192-CBC, AES128-CBC, AES256-GCM, AES192-GCM, and AES128-GCM
  • RSA key: 2048 and higher

    Only 2048 and 3072 are FIPS-compliant. The firewall still lets you select larger key sizes because they're cryptographically stronger.

  • EC curves: 224-bit and larger keys

  • Authentication: SHA1, SHA256, SHA384, and SHA512
  • PSK: 14 bytes or longer
  • TLS versions: TLS 1.2 and TLS 1.3

Note

We strongly recommend you use IKEv2 for all new installations. Use IKEv1 only on legacy systems and with FIPS-approved algorithms.

Turn on FIPS

Turning on FIPS requires a factory reset of the firewall to apply the FIPS-compliant algorithms to the firewall's features. After you turn on FIPS, you must configure the firewall again.

Note

If you've turned on FIPS on a FIPS-compliant SFOS 18.5 MR version, you can upgrade to SFOS 20.0 MR1 or restore a FIPS-compliant backup without configuring the firewall again, maintaining FIPS compliance.

To turn on FIPS mode, go to the command-line interface (CLI) and enter the following command:

system certification fips enable

The firewall restarts with the factory configuration, and the cryptography module becomes FIPS-compliant.

Warning

The restart replaces your current configuration with the factory default.

In high availability (HA) deployments, turn on FIPS mode first, then turn on HA.

Restriction

You can't turn FIPS on or off for devices for which HA is already turned on.

Backup and restore with FIPS

You can restore backups with FIPS turned on or off on any compatible firewall version. The following table shows how this affects the FIPS mode in the restored configuration.

Backup type            Restored on a version that supports FIPS   Restored on a version that doesn't support FIPS
FIPS was turned on     FIPS will be turned on                     FIPS won't be available
FIPS was turned off    FIPS will be turned off                    FIPS won't be available

Restriction

You can't restore a backup from a firewall running one of the FIPS-enabled SFOS 18.5 MR versions (FIPS 140-2 Level 1 compliant) to a firewall running SFOS 20.0 MR1 (FIPS 140-3 Level 1 compliant) if the 18.5 firewall's VPN configuration contains any of the following:

  • Encryption: 3DES
  • A SHA1-signed certificate used in the local or remote configuration
  • An RSA certificate with a 1024- or 1536-bit key
  • An EC certificate with a key shorter than 224 bits
  • A pre-shared key shorter than 14 bytes

Firmware upgrades with FIPS

If you migrate or upgrade the firmware and then turn on FIPS, you can still roll back to the previous firmware version, where FIPS was turned off, because that version's configuration is preserved.

On an active firmware with FIPS turned on, the firewall restricts the upload of firmware that doesn't support FIPS. If you still want to upload it, turn off the FIPS mode.

SFOS 20.0 MR1 is FIPS 140-3 Level 1 compliant. So, if you want to migrate a FIPS 140-2 Level 1 compliant firewall running SFOS 18.5 to SFOS 20.0 MR1, you may need to first make the 18.5 firewall configuration FIPS 140-3 Level 1 compliant.

Restriction

You can't upgrade a firewall running one of the FIPS-enabled SFOS 18.5 MR versions (FIPS 140-2 Level 1 compliant) to SFOS 20.0 MR1 (FIPS 140-3 Level 1 compliant) if the 18.5 firewall's VPN configuration contains any of the following:

  • Encryption: 3DES
  • A SHA1-signed certificate used in the local or remote configuration
  • An RSA certificate with a 1024- or 1536-bit key
  • An EC certificate with a key shorter than 224 bits
  • A pre-shared key shorter than 14 bytes
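The FIPS-compliant algorithm list and the two upgrade/restore blocker lists above describe one pre-flight audit: which VPN settings are merely non-compliant, and which ones make SFOS refuse the 18.5 to 20.0 MR1 upgrade or restore outright. The following script is an added example, not Sophos code. It encodes those rules and runs them over a constructed inventory; the dict layout of the inventory is an assumption for illustration, so build it from your own export of the firewall's VPN configuration.

```python
"""FIPS pre-flight audit for an SFOS VPN inventory.

Added example, not Sophos code. Encodes the rules from the "FIPS-compliant
algorithms" section and the 18.5 -> 20.0 MR1 upgrade/restore blockers, and
runs them over a constructed inventory. The dict layout is an assumption.
"""
from dataclasses import dataclass

FIPS_DH_GROUPS = {14, 15, 16, 17, 18, 19, 20, 21}
SELECTABLE_NON_FIPS_DH = {31}          # Curve25519: selectable, tunnel not FIPS-compliant
FIPS_ENCRYPTION = {"aes128-cbc", "aes192-cbc", "aes256-cbc",
                   "aes128-gcm", "aes192-gcm", "aes256-gcm"}
FIPS_AUTH = {"sha1", "sha256", "sha384", "sha512"}
FIPS_RSA_BITS = {2048, 3072}           # larger keys are selectable but not FIPS-compliant
MIN_EC_BITS = 224
MIN_PSK_BYTES = 14

# Settings that make SFOS refuse an 18.5 -> 20.0 MR1 upgrade or backup restore
BLOCKING_ENCRYPTION = {"3des"}
BLOCKING_CERT_DIGESTS = {"sha1"}
BLOCKING_RSA_BITS = {1024, 1536}


@dataclass(frozen=True)
class Finding:
    connection: str
    field: str
    value: object
    reason: str
    blocks_upgrade: bool  # True: the upgrade/restore to 20.0 MR1 is refused


def _check_certificate(name, cert):
    """Apply the certificate rules (digest, RSA size, EC size) to one certificate."""
    out = []
    role, bits = cert["role"], cert["key_bits"]       # role: "local" or "remote"
    digest = cert["sig_digest"].lower()
    if digest in {"md5", "sha1"}:
        out.append(Finding(name, f"{role} cert digest", digest,
                           "MD5- and SHA1-signed certificates are rejected in FIPS mode",
                           digest in BLOCKING_CERT_DIGESTS))
    if cert["key_type"] == "rsa":
        if bits < 2048:
            out.append(Finding(name, f"{role} cert RSA bits", bits,
                               "RSA keys must be 2048 bits or larger", bits in BLOCKING_RSA_BITS))
        elif bits not in FIPS_RSA_BITS:
            out.append(Finding(name, f"{role} cert RSA bits", bits,
                               "selectable, but only 2048 and 3072 are FIPS-compliant", False))
    elif cert["key_type"] == "ec" and bits < MIN_EC_BITS:
        out.append(Finding(name, f"{role} cert EC bits", bits,
                           f"EC keys must be {MIN_EC_BITS} bits or larger", True))
    return out


def audit_connection(conn):
    """Return every FIPS finding for one IPsec connection description."""
    name, out = conn["name"], []
    dh = conn["dh_group"]
    if dh in SELECTABLE_NON_FIPS_DH:
        out.append(Finding(name, "dh_group", dh, "selectable, but the tunnel is not FIPS-compliant", False))
    elif dh not in FIPS_DH_GROUPS:
        out.append(Finding(name, "dh_group", dh, "DH group is not FIPS-certified", False))
    enc = conn["encryption"].lower()
    if enc not in FIPS_ENCRYPTION:
        out.append(Finding(name, "encryption", enc, "only AES-CBC and AES-GCM are FIPS-compliant",
                           enc in BLOCKING_ENCRYPTION))
    auth = conn["authentication"].lower()
    if auth not in FIPS_AUTH:
        out.append(Finding(name, "authentication", auth, "only SHA1/SHA2 HMACs are FIPS-compliant", False))
    if conn["auth_type"] == "psk":
        psk_len = len(conn["psk"].encode("utf-8"))
        if psk_len < MIN_PSK_BYTES:
            out.append(Finding(name, "psk", f"{psk_len} bytes",
                               f"pre-shared key must be at least {MIN_PSK_BYTES} bytes", True))
    else:
        for cert in conn.get("certificates", []):
            out.extend(_check_certificate(name, cert))
    return out


def audit_inventory(inventory):
    return [f for conn in inventory for f in audit_connection(conn)]


def upgrade_blockers(findings):
    """Findings that make the 18.5 -> 20.0 MR1 upgrade or restore fail outright."""
    return [f for f in findings if f.blocks_upgrade]


SAMPLE_INVENTORY = [  # constructed sample data, not a real export
    {"name": "hq-to-branch", "dh_group": 14, "encryption": "aes256-gcm",
     "authentication": "sha256", "auth_type": "psk", "psk": "7Qv!kL2#pZ9m@xR4wN8s"},
    {"name": "legacy-partner", "dh_group": 2, "encryption": "3des",
     "authentication": "md5", "auth_type": "psk", "psk": "short"},
    {"name": "cert-site", "dh_group": 19, "encryption": "aes128-cbc",
     "authentication": "sha1", "auth_type": "cert", "certificates": [
         {"role": "local", "key_type": "rsa", "key_bits": 2048, "sig_digest": "sha256"},
         {"role": "remote", "key_type": "rsa", "key_bits": 1536, "sig_digest": "sha1"}]},
    {"name": "ec-site", "dh_group": 31, "encryption": "aes256-cbc",
     "authentication": "sha384", "auth_type": "cert", "certificates": [
         {"role": "local", "key_type": "ec", "key_bits": 192, "sig_digest": "sha256"}]},
]

if __name__ == "__main__":
    for f in audit_inventory(SAMPLE_INVENTORY):
        tag = "BLOCKS UPGRADE" if f.blocks_upgrade else "non-compliant"
        print(f"{f.connection:15} {f.field:22} {str(f.value):10} {tag}: {f.reason}")
```

Run it before attempting the upgrade: every finding tagged BLOCKS UPGRADE has to be fixed on the 18.5 firewall first, while the other findings only mean the tunnel won't be FIPS-compliant once FIPS mode is on. The script deliberately flags group 31 and RSA keys above 3072 bits separately, since the firewall lets you select them even though the page lists them as non-compliant.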

FIPS behavior

The firewall generates all the default policies with FIPS-compliant settings.

The firewall usually generates the default L2TP policy with MD5 authentication. On FIPS-enabled devices, it uses SHA1, the weakest authentication algorithm permitted in FIPS mode.

VPN

When you turn on FIPS mode, IPsec uses the FIPS-validated cryptography library for VPN tunnel establishment (phase 1). SSL VPN uses the FIPS-validated cryptography library to establish both the phase 1 and phase 2 VPN tunnels.

To meet FIPS compliance, some encryption options aren't available.

  • IPsec policies phase 1 and 2:

    • DH group: You can't select 1, 2, 5, 25, 26, 27, 28, 29, or 30 because they're not FIPS-certified. You can select 31 (Curve25519), which the firewall permits as a strong option, but a connection that uses it isn't FIPS-compliant.
    • Encryption: You can't select 3DES, Blowfish, Twofish, or Serpent.
    • Authentication: You can't select MD5.
  • IPsec connections

    • Remote access VPN > IPsec > Authentication type:

      • RSA key: 2048 and higher. Only 2048 and 3072 are FIPS-compliant. However, the firewall allows you to select larger key sizes because they're stronger.
      • Digital certificate: You can use only FIPS-compliant certificates. You can't select External CA as the remote certificate.
      • Preshared key: The pre-shared key must be at least 14 bytes long.
    • IPsec wizard: Offers FIPS-compliant settings.

  • IPsec (remote access) and L2TP (remote access): For authentication based on Digital certificate, you can use only FIPS-compliant certificates.

  • FIPS-enabled devices don't have a default L2TP policy.

Site-to-site VPN > SSL VPN > SSL VPN global settings:

  • SSL server certificate: For authentication based on Digital certificate, you can use only FIPS-compliant certificates.
  • Cryptography settings:

    • Encryption algorithm: You can't select BF-CBC or 3DES.
    • Authentication algorithm: You can't select MD5.
    • Key size: You can't select 1024.
  • SSL VPN (site-to-site): The firewall generates FIPS-compliant server and client configurations. If you download a server configuration from a FIPS-enabled device, you can't use it on versions earlier than 18.5 MR2 if the VPN configuration is password-protected and vice versa.

In a site-to-site VPN tunnel connecting to an Amazon VPC, you must do as follows:

  1. Use the Use VPC configuration file option to import VPC connections. The firewall doesn't support the Use AWS security credentials option in FIPS mode. You can still see this option in the web admin console, but the connection will fail.
  2. Manually update the VPC configuration file to use the FIPS 140-3 compliant algorithms as mentioned in FIPS-compliant algorithms. For example, make sure you're using a FIPS-compliant algorithm for the DH group.
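Step 2 is a text edit of the downloaded file, and the usual offender is the phase 1 DH group and the PFS group, which the generic AWS file lists as group 2. The script below is an added example, not Sophos or AWS code: it rewrites non-FIPS DH groups in the file, and reports the settings that can't be fixed by editing the file alone (a short pre-shared key, a non-AES cipher, MD5 integrity), because those have to change in the AWS tunnel options. The sample input is a constructed approximation of the "  - Label : value" lines in the generic vendor file; the labels, the target group 14, and the file layout are assumptions, so check them against the file you actually downloaded, and make sure the AWS tunnel options accept the group you choose.

```python
"""Patch a downloaded AWS VPC configuration file to FIPS-compliant DH groups
before importing it with "Use VPC configuration file".

Added example, not Sophos or AWS code. Labels, target group and file layout
are assumptions; verify them against your own downloaded file.
"""
import re

FIPS_DH_GROUPS = {14, 15, 16, 17, 18, 19, 20, 21}
TARGET_DH_GROUP = 14    # assumption: choose a group your AWS tunnel options also allow
MIN_PSK_BYTES = 14
FIPS_ENCRYPTION = {"aes128cbc", "aes192cbc", "aes256cbc", "aes128gcm", "aes192gcm", "aes256gcm"}

# "  - Label                 : value" lines; prefix/sep are kept so the alignment survives
LINE_RE = re.compile(r"^(?P<prefix>\s*-\s*)(?P<key>[^:]+?)(?P<sep>\s*:\s*)(?P<value>.*?)\s*$")
DH_RE = re.compile(r"\bGroup\s+(\d+)\b", re.IGNORECASE)


def make_fips_compliant(config_text):
    """Return (patched_text, changes, warnings).

    Non-FIPS DH groups are rewritten in place. Anything that can't be fixed
    by editing the file alone (short PSK, non-AES cipher, MD5 integrity) is
    reported as a warning, because it has to change in the AWS tunnel options.
    """
    patched, changes, warnings = [], [], []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if m:
            key = " ".join(m["key"].split()).lower()
            value = m["value"]
            new_value = value
            if key in ("diffie-hellman", "perfect forward secrecy"):
                g = DH_RE.search(value)
                if g and int(g.group(1)) not in FIPS_DH_GROUPS:
                    new_value = DH_RE.sub(f"Group {TARGET_DH_GROUP}", value)
            elif key == "encryption algorithm":
                if value.lower().replace("-", "") not in FIPS_ENCRYPTION:
                    warnings.append(f"line {lineno}: encryption {value!r} is not FIPS-compliant")
            elif key == "authentication algorithm":
                if "md5" in value.lower():
                    warnings.append(f"line {lineno}: MD5 integrity is not FIPS-compliant")
            elif key == "pre-shared key":
                n = len(value.encode("utf-8"))
                if n < MIN_PSK_BYTES:
                    warnings.append(f"line {lineno}: pre-shared key is {n} bytes, minimum is "
                                    f"{MIN_PSK_BYTES}; regenerate it in the AWS tunnel options")
            if new_value != value:
                changes.append(f"line {lineno}: {m['key']}: {value} -> {new_value}")
                line = f"{m['prefix']}{m['key']}{m['sep']}{new_value}"
        patched.append(line)
    return "\n".join(patched) + "\n", changes, warnings


SAMPLE_VPC_CONFIG = """\
#1: Internet Key Exchange Configuration
  - Authentication Method    : Pre-Shared Key
  - Pre-Shared Key           : ChangeMe12
  - Authentication Algorithm : sha1
  - Encryption Algorithm     : aes-128-cbc
  - Lifetime                 : 28800 seconds
  - Phase 1 Negotiation Mode : main
  - Diffie-Hellman           : Group 2

#2: IPSec Configuration
  - Protocol                 : esp
  - Authentication Algorithm : hmac-sha1-96
  - Encryption Algorithm     : aes-128-cbc
  - Lifetime                 : 3600 seconds
  - Mode                     : tunnel
  - Perfect Forward Secrecy  : Diffie-Hellman Group 2
"""  # constructed sample, not a real download

if __name__ == "__main__":
    text, changes, warnings = make_fips_compliant(SAMPLE_VPC_CONFIG)
    print(text)
    print("\n".join(changes + warnings))
```

On the sample, both group 2 entries are rewritten to group 14 and the 10-byte pre-shared key is reported; running the function again on its own output makes no further changes, so it is safe to re-run on a file you have already patched. Keep the two DH settings in the file in step with what the AWS side negotiates, otherwise the tunnel simply fails phase 1.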

Certificates and certificate authorities

In FIPS mode, the firewall generates certificates that are FIPS-compliant and FIPS-validated. The firewall uses a FIPS-certified cryptography library for the generation.

When you upload certificates or certificate authorities (CAs), the firewall validates them for a FIPS-compliant algorithm.

For digital certificates (local or remote), the restriction depends on the certificate type:

  • Digest: You can't select MD5 or SHA1.
  • RSA key: 2048 and higher. Only 2048 and 3072 are FIPS-compliant. The firewall still lets you select larger key sizes because they're cryptographically stronger.
  • EC curves: Prime-field curves with 224-bit or larger keys.

High availability

You can turn on HA on FIPS-enabled devices. First, turn on FIPS on the primary device, then turn on HA. The firewall will then automatically turn on FIPS for the auxiliary device.

You can't turn FIPS on or off while HA is turned on for the devices.

If you turn off HA, the FIPS status doesn't change on any HA device.

Logging and reporting

The log viewer and reports show the change when you turn FIPS on or off.
