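Enable FIPS
It is recommended that all secure users adjust their security configuration immediately after a system installation or upgrade. When SSL FIPS mode is enabled, SSL communication from ONTAP to external clients or to server components outside of ONTAP uses FIPS-compliant crypto for SSL.
About this task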
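The following settings are recommended to enable FIPS:
- FIPS: on
- SSL protocol = {TLSv1.2}
- SSL ciphers = {ALL:!LOW:!aNULL:!EXP:!eNULL:!RC4}

- Change to the advanced privilege level: set -privilege advanced
- Enable FIPS: security config modify -interface SSL -is-fips-enabled true
- When prompted to continue, enter y
- Manually reboot each node in the cluster, one at a time.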
mycluster-1::*> security config modify -interface SSL -is-fips-enabled true
Warning: This command will enable FIPS compliance and can potentially cause
some non-compliant components to fail. MetroCluster and Vserver DR
require FIPS to be enabled on both sites in order to be compatible.
Do you want to continue? {y|n}: y
Warning: When this command completes, reboot all nodes in the cluster. This is
necessary to prevent components from failing due to an inconsistent
security configuration state in the cluster. To avoid a service
outage, reboot one node at a time and wait for it to completely
initialize before rebooting the next node. Run "security config
status show" command to monitor the reboot status.
Do you want to continue? {y|n}: y
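One way to check, from an admin workstation, what the recommended protocol and cipher settings mean for a client and whether the cluster still completes a handshake under them. This is an added example, not NetApp code; the function names are made up here, and the host name in the final comment is a placeholder.

```python
import socket
import ssl

# Values copied from the recommended settings on this page.
ONTAP_CIPHERS = "ALL:!LOW:!aNULL:!EXP:!eNULL:!RC4"

def fips_profile_context(cafile=None):
    """Client context pinned to TLSv1.2 and the recommended cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies cert and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(ONTAP_CIPHERS)
    if cafile:
        ctx.load_verify_locations(cafile)  # e.g. the cluster's own CA
    else:
        ctx.load_default_certs()
    return ctx

def tls12_suites(ctx):
    """Suites the string expands to in the local OpenSSL build. TLS 1.3
    suites are configured separately from this string, so drop them."""
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def excluded_suites(suites):
    """Suites that the !aNULL, !eNULL and !RC4 terms should have removed."""
    bad = ("Au=None", "Enc=None", "Enc=RC4")
    return [c["name"] for c in suites
            if any(b in c["description"] for b in bad)]

def probe(host, port=443, cafile=None, timeout=5.0):
    """Handshake with a management endpoint; return (protocol, cipher name)."""
    ctx = fips_profile_context(cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]

if __name__ == "__main__":
    suites = tls12_suites(fips_profile_context())
    print(len(suites), "suites offered; excluded classes present:",
          excluded_suites(suites))
    # probe("cluster-mgmt.example.com")  # placeholder host, needs network
```

Run `probe` against each node's management address after that node has rebooted; a handshake failure there points at a client or certificate that does not meet the new settings.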