Skyhigh Security

Restrictions on Secure Web Gateway in FIPS-compliant Mode

You can run Web Gateway in a mode that complies with the Federal Information Processing Standard (FIPS). This standard was introduced by United States federal authorities to enhance information processing security, and it imposes several restrictions on running the product.

The FIPS-compliant mode is enabled by selecting it during the installation procedure for Web Gateway.

The following restrictions are imposed in this mode:

  • System files integrity — System files, which are files containing settings for functions of the Web Gateway appliance system, cannot be modified.
    An example of a system file is the /etc/hosts file, which contains entries for IP addresses and host names, including the local IP address and host name of the appliance itself.
    In other modes, system files can be edited using the File Editor on Web Gateway. This editor is removed from the user interface in FIPS-compliant mode.
  • Root password not resettable — The root password, which is required for working with the command line interface on a system console that is connected to Web Gateway, cannot be reset.
    Accessing Web Gateway as root administrator on the operating system level is then no longer possible.
    In other modes, this password can be reset using an option on the troubleshooting menu of Web Gateway.
  • No scheduled jobs for yum commands — Commands of the yum type, which are usually run manually on a system console that is connected to Web Gateway in order to perform product upgrades, cannot be run as scheduled jobs.
    Examples of yum commands are yum upgrade and mwg-switch-repo, which is used to switch to a suitable software repository.
    In other modes, these commands can be run as scheduled jobs, which run unattended at a given time and are configured using the Central Management functions of Web Gateway.
  • No HSM support for SSL scanning — When the SSL scanner is used on Web Gateway to inspect and filter HTTPS traffic, private certificate keys cannot be stored on a Hardware Security Module (HSM), which is a separate physical device that is connected to Web Gateway.
    In other modes, HSM devices for storing private certificate keys can be installed and configured to run with Web Gateway.

See also

Install the downloaded software on a physical appliance.
