HP AE370A HP StorageWorks Fabric OS 6.x administrator guide (5697-0015, May 20 - Page 132
fipscfg, enable fips, disable fips
Page 132 highlights
b. Add a rule to the IP Filter policy, see "To add a rule to an IP Filter policy:" on page 120. You can use the following modifications to the rule:

   ```
   ipfilter --addrule -rule -sip -dp -proto -act
   ```

   • -sip option can be given as any
   • -dp option for the port numbers for Telnet, HTTP, and RPC are 23, 80, and 898 respectively
   • -proto option should be set to tcp

c. Activate the IP Filter policy, see "To activate an IP Filter policy:" on page 117.

d. Save the IP Filter policy, see "To save an IP Filter policy:" on page 117.

   Example

   ```
   ipfilter --createrule http_block_v4 --type ipv4
   ipfilter --addrule http_block_v4 -rule 2 -sip any -dp 80 -proto tcp -act deny
   ipfilter --activate http_block_v4
   ipfilter --save http_block_v4
   ```

5. Type the following command to block access to the boot PROM:

   ```
   fipscfg --disable bootprom
   ```

   Block boot PROM access before disabling root account.

6. Enable signed firmware by typing the configure command and respond to the prompts as follows:

   | Prompt | Response |
   | --- | --- |
   | System services | No |
   | cfgload attributes | Yes |
   | Enforce secure config Upload/Download | Press enter to accept default. |
   | Enforce firmware signature validation | Yes |

   Example

   ```
   switch:admin> configure
   Not all options will be available on an enabled switch.
   To disable the switch, use the "switchDisable" command.
   Configure...
   System services (yes, y, no, n): [no]
   ...
   cfgload attributes (yes, y, no, n): [no] yes
   Enforce secure config Upload/Download (yes, y, no, n): [no]
   Enforce firmware signature validation (yes, y, no, n): [no] yes
   ```

7. Type the following command to block access to root:

   ```
   userconfig --change root -e no
   ```

   By disabling the root account, RADIUS and LDAP users with root roles are also blocked in FIPS mode.

8. Verify your switch is FIPS ready:

   ```
   fipscfg --verify fips
   ```

9. Type the command fipscfg --enable fips.

10. Reboot the switch.

To disable FIPS mode:

1. Log in to the switch using an account assigned the admin or securityAdmin role.

2. Type the command fipscfg --disable fips.

3. Reboot the switch.

4. Enable the root account by following the bootprom:

   ```
   userconfig --change root -e yes
   ```

5. Enable access to the bootprom:

   ```
   fipscfg --enable bootprom
   ```
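The enable-FIPS steps above depend on ordering (boot PROM blocked before root is disabled, `fipscfg --verify fips` before `fipscfg --enable fips`) and on the active IP Filter policy denying TCP ports 23, 80, and 898. The following audit of a recorded command history is an added example, not part of the HP guide; the policy name `mgmt_block_v4`, both histories, and the rule that the most recently activated policy is the one in force are assumptions made for the illustration.

```python
import shlex

# Ports the page says to block in FIPS mode (Telnet, HTTP, RPC).
REQUIRED_DENY_PORTS = {23: "Telnet", 80: "HTTP", 898: "RPC"}
BOOTPROM = "fipscfg --disable bootprom"
ROOT_OFF = "userconfig --change root -e no"
VERIFY = "fipscfg --verify fips"
ENABLE = "fipscfg --enable fips"
# (a, b): a must be present and must not come after b.
ORDER = [(BOOTPROM, ROOT_OFF), (ROOT_OFF, ENABLE), (VERIFY, ENABLE)]

def audit_fips_prep(history):
    """Return findings for a list of command strings (empty list = pass)."""
    rules, active, first = {}, None, {}
    for i, line in enumerate(history):
        tok = shlex.split(line)
        if not tok:
            continue
        first.setdefault(" ".join(tok), i)      # first position of each command
        opts = dict(zip(tok[1:], tok[2:]))       # each token -> the token after it
        if tok[0] != "ipfilter":
            continue
        if ("--addrule" in opts and opts.get("-proto") == "tcp"
                and opts.get("-act") == "deny" and opts.get("-dp", "").isdigit()):
            rules.setdefault(opts["--addrule"], set()).add(int(opts["-dp"]))
        elif "--activate" in opts:
            active = opts["--activate"]          # assumption: last activated wins
    findings = []
    denied = rules.get(active, set())
    for port, svc in sorted(REQUIRED_DENY_PORTS.items()):
        if port not in denied:
            findings.append(f"{svc} (tcp/{port}) not denied by active policy {active!r}")
    for a, b in ORDER:
        if a not in first:
            findings.append(f"missing: {a}")
        elif b in first and first[a] > first[b]:
            findings.append(f"out of order: '{a}' ran after '{b}'")
    return findings

# Constructed history: the page's example policy (port 80 only), steps reordered.
BAD = ["ipfilter --addrule http_block_v4 -rule 2 -sip any -dp 80 -proto tcp -act deny",
       "ipfilter --activate http_block_v4", ROOT_OFF, BOOTPROM, ENABLE]
# Constructed history: all three ports denied, steps in the page's order.
GOOD = [f"ipfilter --addrule mgmt_block_v4 -rule {n} -sip any -dp {p} -proto tcp -act deny"
        for n, p in enumerate(REQUIRED_DENY_PORTS, 1)]
GOOD += ["ipfilter --activate mgmt_block_v4", BOOTPROM, ROOT_OFF, VERIFY, ENABLE]

if __name__ == "__main__":
    for name, hist in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, audit_fips_prep(hist) or "ready for fipscfg --enable fips")
```

On the switch itself, `fipscfg --verify fips` remains the authoritative readiness check; this audit only reviews what was typed.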