Palo Alto Networks
880-000018-00B
Palo Alto Networks Firewall Security Policy
Page 14 of 49
3 Modes of Operation
3.1 FIPS Approved Mode of Operation
The modules support both a FIPS mode and a non-FIPS mode. The following procedure will put the
modules into the FIPS mode of operation:
· During initial boot up, break the boot sequence via the console port connection (by pressing the m
button when instructed to do so) to access the main menu.
· Select "Continue."
· Select the "Set FIPS Mode" option to enter FIPS mode.
· Select "Enable FIPS Mode".
· When prompted, select "Reboot" and the module will re-initialize and continue into FIPS mode.
· The module will reboot.
· In FIPS mode, the console port is available only as a status output port.
The module will automatically indicate the FIPS Approved mode of operation in the following manner:
· The status output interface will indicate "**** FIPS MODE ENABLED ****" via the CLI session.
· The status output interface will indicate "FIPS Mode Enabled Successfully" via the console port.
· The module will display "FIPS mode" at all times in the status bar at the bottom of the web
interface.
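A check for the three mode indicators listed above, as an added example that is not part of the security policy or any Palo Alto Networks code: it scans captured session text per interface and reports the devices where the expected indicator is missing. The device names and capture text are constructed, and collecting the captures is assumed to happen elsewhere.

```python
import re

# Indicator strings quoted from the policy text above, keyed by interface.
INDICATORS = {
    "cli": "**** FIPS MODE ENABLED ****",
    "console": "FIPS Mode Enabled Successfully",
    "web": "FIPS mode",
}

# Terminal captures usually carry ANSI colour/cursor sequences and CRLF endings.
ANSI = re.compile(r"\x1b\[[0-9;?]*[ -/]*[@-~]")


def normalize(capture: str) -> list[str]:
    """Strip escape sequences, unify line endings, collapse runs of whitespace."""
    text = ANSI.sub("", capture).replace("\r\n", "\n").replace("\r", "\n")
    return [" ".join(line.split()) for line in text.split("\n")]


def fips_indicated(interface: str, capture: str) -> bool:
    """True only if the exact, case-sensitive indicator for this interface appears."""
    if interface not in INDICATORS:
        raise ValueError(f"unknown interface: {interface!r}")
    return any(INDICATORS[interface] in line for line in normalize(capture))


def audit(captures: dict[str, dict[str, str]]) -> dict[str, list[str]]:
    """Map each device to the interfaces whose capture lacks the indicator."""
    return {
        device: [i for i, text in sorted(by_if.items()) if not fips_indicated(i, text)]
        for device, by_if in captures.items()
    }


# Constructed sample captures with hypothetical device names (not real output).
SAMPLE = {
    "fw-a": {
        "cli": "Last login: (constructed)\r\n\x1b[1m**** FIPS MODE ENABLED ****\x1b[0m\r\n",
        "console": "FIPS Mode Enabled Successfully\n",
    },
    "fw-b": {
        "cli": "Last login: (constructed)\r\nadmin@fw-b>\r\n",
        "web": "status bar: fips MODE",  # wrong case, so not accepted
    },
}

if __name__ == "__main__":
    for device, missing in audit(SAMPLE).items():
        print(device, "OK" if not missing else f"no FIPS indicator on: {missing}")
```

A missing indicator means only that the Approved mode is unconfirmed on that interface; the console self-test output described below is where the cause is determined.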
Should one or more power-up self-tests fail, the FIPS Approved mode of operation will not be
achieved. Feedback will consist of:
· The module will reboot and enter a state in which the reason for the reboot can be determined.
· To determine which self-test caused the system to reboot into the error state, connect the console
cable and follow the on-screen instructions to view the self-test output.
· Install FIPS kit opacity shields and tamper evidence seals according to Section 9.
· The tamper evidence seals and opacity shields shall be installed for the module to operate in a
FIPS Approved mode of operation.