Fibre Channel (SAN)

Occasional Contributor
Posts: 19
Registered: ‎01-10-2007

enabling FIPS - anyone do this?

We are in the process of putting in 6510 and 7800 switches. Since these are capable of FIPS, I am required to enable it. I'm a little hesitant to do this for a few reasons - can't turn it off, and if it isn't set up correctly the switch will continuously reboot are two major ones. I'm curious if anyone else has enabled FIPS on their switches. I want to know if there are legit reasons why I should not do this or things to be aware of when I do. Is there any issue in not being able to have a root user since that is disabled? Is there any impact in using BNA since that registers itself with a read/write community in SNMP and with FIPS read-only SNMP is all that is allowed (still on a trial license there)? Any issues with ISLs (FIPS or no FIPS)?

Any experience/tips would be greatly appreciated!

Thank you!

Annette

Valued Contributor
Posts: 761
Registered: ‎06-11-2010

Re: enabling FIPS - anyone do this?

Hi Annette,

I've reviewed many Brocade SANs and none of them implemented FIPS. Why do you need to enable this feature?

rgds,

Felipon

Occasional Contributor
Posts: 19
Registered: ‎01-10-2007

Re: enabling FIPS - anyone do this?

We are a government contractor and are required to follow the SAN STIG/SPAN from the DOD that tells us what we need to do to lock down and protect the SAN.  The switches that are currently in production aren't capable of FIPS, so I've not had to deal with it until now.  Since "I don't want to" isn't a valid reason to not enable FIPS, I figured I would see if anyone had experience with it or more info than what is listed in the admin guide.

New Contributor
Posts: 3
Registered: ‎10-16-2008

Re: enabling FIPS - anyone do this?


Annette wrote:

We are a government contractor and are required to follow the SAN STIG/SPAN from the DOD that tells us what we need to do to lock down and protect the SAN.  The switches that are currently in production aren't capable of FIPS, so I've not had to deal with it until now.  Since "I don't want to" isn't a valid reason to not enable FIPS, I figured I would see if anyone had experience with it or more info than what is listed in the admin guide.


Annette,

One thing of note is that FIPS mode requires disabling the root account. Brocade support sometimes directs customers to follow procedures which only work when using the root account. I suppose that, in those instances, support would have to find another solution to the problem at hand.
