background image
Non-Proprietary Security Policy, Version 1.1
March 11, 2009
Secure Computing Secure Firewall (Sidewinder) 2150E
Page 19 of 24
© 2009 Secure Computing Corporation
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Figure 5 ­ Rear Panel of Secure Computing Secure Firewall (Sidewinder) 2150E
After the labels are placed as instructed above, the module can be powered up and the Crypto-Officer
may proceed with initial configuration.
3.1.1.2
Setting FIPS Environment
The Crypto-Officer must first check the firmware to ensure they are running version 7.0.1.01.
If this
version is not running, the Crypto-Officer must take measures to upgrade the module to 7.0.1.01 to
comply with FIPS 140-2.
If required, this upgrade can be performed through the GUI based
administrative console. If the module is being newly built from the onboard virtual disk, then the Crypto-
Officer will first need to set up the network configuration and enable the admin account with a new
password.
To check if the module is currently running version 7.0.1.01, the Crypto-Officer must open the GUI based
administrative console provided with the module.
Under the software management and manage
packages table, the Crypto-Officer can see which firmware upgrade has been installed along with their
versions.
To update the module to 7.0.1.01, the Crypto-Officer must:
1.
Under "Software Management / Manage Packages" table, select "70101";
2.
Select download;
3.
Select install;
4.
Verify that the "Manage Packages" tab states that "70101" is installed.
Before enforcing FIPS on the module, the Admin Console CO must check that no non-FIPS approved
service is running on the module. To view the services that are currently used in enabled rules, select
"Monitor / Service Status". The Service Status window appears as shown in Figure 6 below. If the
window lists any non-FIPS-Approved protocols (such as telnet as shown below), then those protocols
must be disabled before the module is considered to be in an approved FIPS mode of operation.