GigaVUE‑OS is compliant with the Federal Information Processing Standard (FIPS), a US government standard for security requirements of cryptographic modules. The Gigamon Linux-based cryptographic module (the FIPS module) provides cryptographic functions for GigaVUE nodes and offers a high level of security for the Ethernet management interface. The FIPS module is compliant with FIPS 140-2 Level 1 and was validated by the National Institute of Standards and Technology (NIST). The certificate number is 2128.
OpenSSL is also integrated with the FIPS module and has been updated to version 1.0.2zf.
To enable FIPS:
- Select Settings > Global Settings > Security.
- Click Edit.
- On the Edit Security Settings page, select FIPS 140-2 Mode.
- Click OK to save the changes.
Once FIPS is enabled, the device will reload and the device configuration will be reset. All traffic, keys and certification configurations will be cleared.
For communications with the GigaVUE node, SSL or SSH clients are requested to use high strength ciphers during the session setup negotiation. A high strength cipher is one that uses a key that is equal to or greater than 128 bits.
Weak ciphers will be rejected by the GigaVUE node. For example, if a client attempts to connect to the GigaVUE Ethernet management port using blowfish, the following error message will be displayed: No matching cipher found.
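Before enabling FIPS mode, it can help to check which cipher suites a TLS management client would offer and which fall under the 128-bit threshold described above. The following is an added example, not Gigamon code: it applies that threshold to the cipher list of a Python/OpenSSL client, and it assumes OpenSSL's reported `strength_bits` as the key-size measure. The function names and the sample list are constructed for illustration, and the node's actual accepted cipher list is not given on this page.

```python
import ssl

MIN_BITS = 128  # "high strength" threshold as stated on this page

# Constructed sample in the shape returned by ssl.SSLContext.get_ciphers();
# only the two fields used below are included.
SAMPLE_OFFER = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "strength_bits": 256},
    {"name": "AES128-SHA", "strength_bits": 128},
    {"name": "DES-CBC-SHA", "strength_bits": 56},
    {"name": "EXP-RC4-MD5", "strength_bits": 40},
]

def audit(ciphers, min_bits=MIN_BITS):
    """Split cipher dicts into (high_strength, weak) lists of suite names."""
    high, weak = [], []
    for c in ciphers:
        (high if c["strength_bits"] >= min_bits else weak).append(c["name"])
    return high, weak

def local_offer(cipher_string="DEFAULT"):
    """Suites this Python/OpenSSL build enables for an OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()

def report(label, ciphers):
    """Summarize an offer: counts first, then each suite under the threshold."""
    high, weak = audit(ciphers)
    lines = [f"{label}: {len(high)} high strength, {len(weak)} weak"]
    lines += [f"  below {MIN_BITS} bits: {name}" for name in weak]
    return "\n".join(lines)

if __name__ == "__main__":
    print(report("constructed sample", SAMPLE_OFFER))
    print(report("local default offer", local_offer()))
```

Any suite reported as below 128 bits should be removed from the client's cipher configuration so that the session negotiation offers only high strength ciphers.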