Bridge GUI Guide: Security Configuration
121
4.1.8
FIPS Self-Test Settings
The Bridge runs a number of self-tests described in FIPS 140-
2, (Federal Information Processing Standards’
Security
Requirements for Cryptographic Modules
).
FIPS tests run—and self-test failures are logged—regardless
of whether it is in
FIPS
or
Normal
operating mode. When the
Bridge is in FIPS operating mode, it will additionally shut down
and reboot upon the failure of any FIPS self-test, as required
by FIPS 140-2 (refer to Section 4.1.1).
By default, FIPS tests run when they are automatically
triggered or manually executed (refer to Section 6.1.7). FIPS
tests are triggered regardless of FIPS settings. You cannot turn
triggered FIPS testing off on the Bridge. FIPS test triggers
include any security-related change to the Bridge’s
configuration (deleting a user, for example, or changing the re-
key interval).
You can configure the Bridge to run additional FIPS tests
periodically, and when periodic tests are enabled, you can
configure the FIPS self-test run-interval (the default is
86,400
seconds, or 24 hours).
You can configure the interval at which the random number
generator is reseeded (the default is
86,400
seconds, or 24
hours). You can also determine whether random number
generator (RNG) tests are run routinely: continuous RNG tests
are
Enabled
by default; when the Bridge is in FIPS operating
mode they cannot be
Disabled
.
You can configure FIPS self tests only in Advanced View.
4.1.9
Encrypted Data Compression
You can configure whether or not data passed by devices on
an encrypted interface on the Bridge (in the encrypted zone) is
compressed. Data compression in the encrypted zone is
enabled by default.
The compression settings of all Secure Clients (and other
Fortress controller devices) on the Bridge-secured network
must match: either enabled for all devices or disabled for all
devices.
You can enable/disable data compression only in Advanced
View.
4.1.10
Encrypted Interface Cleartext Traffic
By default, cleartext traffic—both received and transmitted—is
blocked on a Bridge’s encrypted interfaces (Ethernet ports or
radio BSS on which
Fortress Security
is
Enabled
).