afowler224
Explorer

Disable FIPS for HotFix install

From my understanding, if FIPS is enabled it must be disabled before a hotfix is applied, or has that changed in the new R82 12 Hotfix? I can't seem to find the right command to disable FIPS so the hotfix can be applied. Any guidance would be appreciated. I have tested the FIPS off command, which gives me an error that FIPS cannot be disabled.

0 Kudos
5 Replies
PhoneBoy
Admin

By design, FIPS mode does not allow installation of JHF.
I think you have to enter two commands (in this order) to disable:

fips integrity off
fips off

To re-enable it after the fact (e.g. after installing JHF):

fips on
fips integrity on

0 Kudos
afowler224
Explorer

Unfortunately, I am getting an error when trying to turn off FIPS.

"The command 'fips off' is no longer supported. FIPS mode cannot be disabled"

0 Kudos
PhoneBoy
Admin

Unfortunately, you will need to do a fresh installation in this instance.

0 Kudos
the_rock
Legend

There were definitely some long discussions about this topic :-)

Sadly, I checked in R82 as well, behavior is exactly the same.

Andy

https://community.checkpoint.com/t5/General-Topics/Enable-FIPS-mode/m-p/157849#M26645

https://community.checkpoint.com/t5/Security-Gateways/FIPS-mode-operation-and-some-manual-configurat...

0 Kudos
emmap
Employee

From my very limited understanding it is a 'feature' of the FIPS certification that requires preservation of configuration. Otherwise you can set cyphers / encryption libraries / etc to match the FIPS standards without necessarily locking into that mode. It's not something that I have had to work with though so I am ignorant of anything more than that.

0 Kudos
