[NSM] Cannot manage transparent firewall in FIPS mode

[KB27971]


Summary:

This article describes why a firewall device running in transparent mode (L2) with Federal Information Processing Standards (FIPS) mode enabled cannot be managed via NSM.

Symptoms:

A firewall is running in transparent mode (L2) with FIPS mode enabled.  The device cannot be managed via NSM.

Cause:

This is a limitation of FIPS mode on the device.

Solution:

The NSM management traffic originates from the self zone, which is a functional zone. Policies cannot be applied to traffic from a functional zone, so there is no way to create a policy that sends the NSM traffic through an Advanced Encryption Standard (AES) tunnel, which is a FIPS requirement. Configuring a route-based VPN instead places the device into L2/L3 mixed mode, which is not supported.
