MX84 & FIPS - conflicting information

KenLux
Here to help

MX84 & FIPS - conflicting information

Hi,

 

I need to verify that my MX84 is utilizing FIPS mode. I am running into conflicting information and cannot verify FIPS Validated encryption is being used.

 

  1. Cisco references CMVP Certificate #2984, which is no longer active (you have to search for historical certificates to find this certificate, and warns that it may be risky to use this certificate for Federal procurement). https://www.cisco.com/c/dam/en_us/solutions/industries/government/security_certification/pdfs/mx-mer...
  2. There are new CMVP Certificates for the Cisco FIPS Object Module (4174 and 4036). But I can't find a reference to these certificates for the MX devices (https://www.cisco.com/c/en/us/solutions/industries/government/global-government-certifications/fips-...)
  3. This page describes implementation of FIPS (https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Meraki_Device_to_Clou...) and says:
    Enable/Disable FIPS mode via UI

    To satisfy the new FIPS compliance requirements for your network, please follow the instructions below.

    This setting is available in the Dashboard under Network-wide -> General

  4. However, with MX16.16 installed, I do not see this section of Network-wide --> General:clipboard_edc7eb80050f93981b9e74d0be2f941b2.png
  5. This page says that the MX doesn't support FIPS for AnyConnect: https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_on_ASA_vs._... MX FIPS.PNG

 

So, my questions are:

  • How do I verify which version of the Csico FIPS Object Module the MX84 with firmware NX16.16 is using?
  • Why don't I see the option to enable FIPS mode per the Meraki documentation (see #4 above)?

 

Thanks!

1 Reply 1
alemabrahao
Kind of a big deal
Kind of a big deal

Open a case with Meraki support.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels