Support User Manuals

Black Box EncrypTight Appliance Trim Kit User Manual

Open as PDF

of 352

ETEP Configuration

332 EncrypTight User Guide

● Performs a software integrity test

● Clears pre-existing polices and keys, as described in Table 104.

● Generates a new self-signed certificate on the management interface

● Removes all externally signed certificates

● Resets passwords to the factory defaults

● Closes remote SSH client sessions

Operational Notes

Entering FIPS mode may cause some delays when communicating with the ETEP.

● When the ETEP is rebooted with FIPS mode enabled, the ETEP does not become operational until

30-60 seconds after the login prompt is displayed. In the interim, attempts to communicate with the

ETEP from ETEMS or the CLI result in error messages (attempting to access a locked shared

resource or failure to create input stream). If you receive an error message, wait several seconds and

retry.

● The Ethernet management interface uses FIPS-approved cipher and authentication algorithms for SSL

and SSH connections. When operating in FIPS mode, it can take 30-60 seconds to establish an SSH

session.

● If you used SSH to manage the ETEP prior to entering FIPS mode, you may not be able to establish

an SSH session after FIPS is enabled. To correct this, clear the known host entry for your SSH client

and retry.

Disabling FIPS

The ETEP performs the following actions when exiting FIPS mode:

● Existing policies continue to run until they are replaced or deleted.

● SSH is reset when FIPS is disabled, terminating the current session.

Verifying FIPS Status on the ETEP

You can verify that FIPS is enabled on the ETEP in the following two ways:

● In ETEMS, compare the ETEMS and ETEP configurations (Tools > Compare Config to Appliance).

● Log in to the CLI and issue one of the following commands: show running-config or show fips-

mode.

Related topics:

● “Connecting Directly to an Appliance” on page 123

Table 104 Effects of clearing policies and keys when entering FIPS mode

Policy Type Action upon entering FIPS mode

Distributed key policies Traffic passes in the clear until new encryption policies are

created and deployed to the ETEP.

Point-to-point Layer 2 policies Keys are automatically renegotiated. Traffic is discarded in the

interim.

Management port policies Keys are automatically renegotiated. Traffic is discarded in the

interim.

previous next