Enabling FIPS

It is recommended that security-conscious users adjust their security configuration immediately after system installation or upgrade. When SSL FIPS mode is enabled, SSL communication from ONTAP to external client or server components uses FIPS-compliant cryptography.

About this task

The following settings are recommended to enable FIPS:

  • FIPS: on
  • SSL protocol = {TLSv1.2}
  • SSL ciphers = {ALL:!LOW:!aNULL:!EXP:!eNULL:!RC4}

  1. Change to advanced privilege level: set -privilege advanced
  2. Enable FIPS: security config modify -interface SSL -is-fips-enabled true
  3. When prompted to continue, enter y
  4. One by one, manually reboot each node in the cluster.

mycluster-1::*> security config modify -interface SSL -is-fips-enabled true

Warning: This command will enable FIPS compliance and can potentially cause
some non-compliant components to fail. MetroCluster and Vserver DR
require FIPS to be enabled on both sites in order to be compatible.
Do you want to continue? {y|n}: y

Warning: When this command completes, reboot all nodes in the cluster. This is
necessary to prevent components from failing due to an inconsistent
security configuration state in the cluster. To avoid a service
outage, reboot one node at a time and wait for it to completely
initialize before rebooting the next node. Run "security config
status show" command to monitor the reboot status.
Do you want to continue? {y|n}: y
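
The following Python script is an added example, not part of the original page or of NetApp's tooling. It applies the recommended protocol and cipher settings to a client context, lists what the cipher string expands to under the local OpenSSL build (which may differ from the build in ONTAP), and can optionally handshake with an endpoint; the function names and the host argument are assumptions.

```python
import socket
import ssl
import sys

# Values copied from the recommended settings on this page.
RECOMMENDED_CIPHERS = "ALL:!LOW:!aNULL:!EXP:!eNULL:!RC4"
RECOMMENDED_VERSION = ssl.TLSVersion.TLSv1_2


def build_context(cafile=None):
    """Client context pinned to TLSv1.2 and the recommended cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # certificate checks stay on
    ctx.minimum_version = RECOMMENDED_VERSION
    ctx.maximum_version = RECOMMENDED_VERSION
    ctx.set_ciphers(RECOMMENDED_CIPHERS)
    if cafile:
        ctx.load_verify_locations(cafile)  # CA that signed the endpoint cert
    else:
        ctx.load_default_certs()
    return ctx


def tls12_suites(ctx):
    """Suites left for a TLSv1.2 handshake (TLSv1.3-only suites are skipped)."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def excluded_suites(ctx):
    """Suites from the classes the string negates; should always be empty."""
    bad = []
    for c in ctx.get_ciphers():
        name = c["name"]
        if ("RC4" in name or "NULL" in name                       # !RC4, !eNULL
                or name.startswith(("EXP", "ADH-", "AECDH-"))      # !EXP, !aNULL
                or c["strength_bits"] <= 64):                     # !LOW
            bad.append(name)
    return bad


def probe(host, port=443, cafile=None, timeout=5.0):
    """Handshake with host; return (protocol version, cipher name)."""
    ctx = build_context(cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    ctx = build_context()
    print(len(tls12_suites(ctx)), "TLSv1.2 suites;", excluded_suites(ctx) or "none excluded-class")
    if len(sys.argv) > 1:  # hypothetical usage: script.py <management-host>
        print(probe(sys.argv[1]))
```

Running it on a client host before the change shows whether that client still has usable suites under the recommended settings, which is the failure mode the first warning in the command output describes.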