Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Content Gateway Security > FIPS 140-2 Mode
FIPS 140-2 Mode
Help | Content Gateway | v8.5.x
FIPS (Federal Information Processing Standard) 140-2 is a U.S. government security standard for hardware and software cryptography modules. Modules validated against the standard assure government and other users that the cryptography in the system meets the standard.
The cryptographic libraries used in Forcepoint Web Security, including the Content Gateway component, have passed FIPS 140-2 Level 1 validation. For details on the cryptographic modules used and their FIPS certificates, see FIPS 140-2 with Forcepoint Appliances and Web Security.
By default, Content Gateway does not operate in FIPS 140-2 mode. Content Gateway still uses the FIPS-validated libraries, but it also allows cryptographic algorithms that are not supported by the FIPS 140-2 standard.
Administrators can configure Content Gateway to enforce FIPS 140-2 on HTTPS connections.
When FIPS is enabled:
*
HTTPS connections use TLSv1.1 and TLSv1.2.
*
HTTPS connections use FIPS 140-2 approved algorithms
*
Content Gateway generates SHA-256 certificates in response to origin server certificate requests
 
* 
Warning 
Once the FIPS 140-2 option is enabled, it cannot be disabled without completely reinstalling Content Gateway. If Content Gateway is on an appliance, the appliance must be reimaged.
 
* 
Important 
FIPS 140-2 is not used for:
*
Traffic that flows through the cloud (Hybrid Module).
*
Traffic forwarded to Forcepoint Advanced Malware Detection.
*
Forcepoint Mobile Security.
*
IWA fallback to NTLM or Legacy NTLM user authentication.
To enable FIPS 140-2 on HTTPS connections:
1.
In the Content Gateway manager go to the Configure > Security > FIPS Security page.
2.
Review the warning.
3.
Select Enabled, then click Apply.
4.
To enable FIPS, restart Content Gateway. Otherwise, select Disable and click Apply.
 
* 
Important 
After FIPS is enabled, you must re-install any hotfixes previously installed for the current version of Content Gateway.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Content Gateway Security > FIPS 140-2 Mode
Copyright 2023 Forcepoint. All rights reserved.