ONTAP Discussions

ONTAP 9.3P15: Enabling FIPS Mode


Has anyone enabled FIPS mode? We have several FAS 8060 nodes in a cluster with ONTAP 9.3P15 and we are looking to enable FIPS mode.

I am looking at this document: 



So if I run and reboot:

security config modify -interface SSL -is-fips-enabled true


Does the security config looks like this?

  • FIPS: on
  • SSL protocol = {TLSv1.2}
  • SSL ciphers = {ALL:!LOW:!aNULL:!EXP:!eNULL:!RC4}

Any issue anyone experience?

What if we need TLS v1.1?



Hi there!


This page shows the output of "security config show" when FIPS is enabled - https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-950%2Fsecurity__config__show.html


Which includes the line you suspected it would show, as well as showing tls1.1 is enabled.



 Hope this helps!


Hi Alex,


Thanks for your reply. That page you showed me is for 9.5 and also that is the default when FIPS is disabled. One of the things I need to know is that if I enable FIPS, does it only allow TLS1.2? Will it let me add TLS 1.1 or would that invalidate FIPS?


Hi there! The page for 9.3 is the same - https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-930%2Fsecurity__config__show.html - which includes showing TLS 1.1 is enabled with FIPS mode on, so you won't need to change anything.

NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.