6xxx | Product Overviewxxx
NOTE: The FIPS mode can be changed via the DSView software plug-in.
RCS switches use an embedded FIPS 140-2 validated cryptographic module
(Certificate #1051) running on a Linux PPC platform per FIPS 140-2
Implementation Guidance section G.5 guidelines.
The FIPS mode can be enabled/disabled via the OBWI, Local Port, or DSView
plug-in. A reboot is required to enable or disable FIPS mode. A firmware upgrade
to this version or setting the state to the default state (Setup Port menu) will
disable FIPS mode.
In FIPS mode, encryption ciphers are restricted to AES or 3DES. When FIPS is
enabled, if the Keyboard/Mouse or Video encryption is set to 128-bit SSL or
DES, the encryption level is automatically changed to AES. With FIPS enabled,
these files are saved (or restored) using a FIPS compatible algorithm, AES.
When FIPS is disabled, the User Database and Appliance Configuration files
saved from or restored to the appliance as external files are encrypted (or
decrypted) using DES.
This is true even when the user does not fill in the Password parameter in the
Save (or Load) dialog on the OBWI, in which case a default OEM password is
used for encryption or decryption.
One result of enabling the FIPS module is to render previously saved User
Database and Appliance Configuration files incompatible. In this case, you may
temporarily disable the FIPS module, reboot the appliance, restore the previously
saved database or configuration file, re-enable the FIPS module, reboot, and then
save the file externally again while the FIPS module is enabled. The new saved
external file will be compatible with the appliance as long as the appliance is
running with FIPS mode enabled.
The opposite situation is also true, in that database and configuration files
saved with FIPS module enabled are not compatible for restoring to an
appliance without the FIPS module enabled or an appliance with older firmware
not supporting the FIPS module.