We been told persons that I'm not sure really knows we should,that we should make our FortiGates FIPS compliant. We do not use them to host VPNs, and the only place I would think that could be an issue is with the management interface used to admin the device. The device is strictly behaving as a firewall. Is there a way to do so, or is it even doable, or needed, without enabling fips-cc?
Hello dbeitler,
Typically, you would need a specific use case or requirement for your industry or application that mandates using FIPS 140-2 with your FortiGate.
Fortinet has more details about FIPS 140-2 both the specific certified product models and their specific certified firmware versions available here:
https://www.fortinet.com/corporate/about-us/product-certifications/fips
You can review FortiGate FIPS 140-2 on the latest certified version FortiOS 6.2.7 here:
https://docs.fortinet.com/document/fortigate/6.2.7/fips-140-2-and-ndcpp-common-criteria-technote
If instead of using FIPS 140-2, you are interested in more of general hardening best practices, then you might be more interested in the Hardening section of the FortiOS 7.2 Best Practices document:
https://docs.fortinet.com/document/fortigate/7.2.0/best-practices/555436/hardening
Hope this helps.
