FIPS Mode is not retained when restoring a Symantec Messaging Gateway Scanner from a backup

book

Article ID: 156218

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Following an OS restore of the operating system and restoration of the configuration from backup, a Symantec Messaging Gateway (SMG) scanner or control center which was previously configured to operate in FIPS mode is no longer operating in FIPS mode. Similarly, new SMG scanners added to an exising installation are not automatically set to FIPS mode.

Cause

 The FIPS state configuration is not being correctly stored in the backup file.

Resolution

This is a known issue.

To check the FIPS status of an SMG system, please do the following

  1. Login to the affected Scanner's CLI command prompt as "admin"
  2. At the prompt enter in the following command and press enter:
  3.     fipsmode status
  4. A non-FIPS mode response indicates that the system is not operating in FIPS mode.

Example:

SMG> fipsmode status
non-FIPS mode

Workaround

You will need to manually re-enable FIPS mode on the affected systems as follows:

  1. Login to the affected Scanner's CLI command prompt
  2. At the prompt enter in the following and press enter:
  3.     fipsmode on
  4. When prompted press Enter or Y to allow the scanner to reboot.