Submit a ticketCall us

Announcing NPM 12.2
With NPM 12.2 you can monitor your Cisco ASA firewalls, to monitor VPN tunnels for basic visibility and troubleshooting tunnels. NPM 12.2 also uses the SolarWinds Orion Installer so you can easily install and upgrade one or more Orion Platform products simultaneously.
See new features and improvements.

Home > Success Center > Network Performance Monitor (NPM) > Enable FIPS for compliance

Enable FIPS for compliance

Table of contents

Overview

SolarWinds has developed the Federal Information Processing Standard (FIPS) 140-2 Manager to direct you in configuring your SolarWinds software for FIPS 140-2 compliance.

Environment

All SolarWinds Orion versions

Steps

 

To configure a FIPS-compliant SolarWinds installation:

  1. Configure the server on which you have installed your SolarWinds software for FIPS compliance. For more information on using FIPS compliant algorithms, refer to the Microsoft Support knowledge base.
  2. Start the SolarWinds FIPS 140-2 Manager (SolarWinds.FipsManager.exe).
    Note: By default, SolarWinds.FipsManager.exe is located in Install_Volume:\Program Files (x86)\
  3. Review the welcome text, and then click Next.
  4. If you have configured your SolarWinds server to "use FIPS-compliant algorithms for encryption, hashing and signing", the SolarWinds FIPS 140-2 Manager will attempt to confirm that the current configuration of your SolarWinds products is FIPS-compliant.
  5. If any currently installed SolarWinds products are not FIPS compliant, the FIPS Manager will notify you of which SolarWinds modules are not FIPS-compliant. Click Close, and then remove any non-compliant SolarWinds modules from your FIPS-compliant server before running the FIPS 140-2 Manager again.
    Note: SolarWinds recommends that you install all FIPS-compliant SolarWinds software on specifically FIPS-compliant servers and separately maintain all non-compliant software on specifically non-compliant servers.
  6. If FIPS 140-2 is currently is disabled, check Enable FIPS 140-2, and then click Next.
  7. The FIPS Manager may provide a list of objects and saved network discovery definitions that are not FIPS-enabled.
    Note: This list of non-compliant objects does not auto-refresh. To refresh the list of non-compliant objects after editing required credentials, restart the FIPS 140-2 Manager.
  8. For each listed object that is not FIPS-compliant:
    1. Click the non-compliant object.
    2. If the non-compliant object is a monitored node, edit its Polling Method properties as follows:
      • Select SNMPv3 as the SNMP Version.
      • Select FIPS-compliant Authentication and Privacy/Encryption methods, and provide appropriate passwords.
        Note: SHA1 is a FIPS-compliant authentication method. AES128, AES192, and AES256 are FIPS-compliant Privacy/encryption methods.
      • Click Submit.
    3. If the non-compliant object is a network discovery, edit SNMP credentials as follows:
      • Confirm that all SNMP credentials are SNMPv3. Either delete or edit any credentials that are not VIPS-compliant SNMPv3.
      • Confirm that all SNMP credentials use FIPS-compliant FIPS-compliant Authentication and Privacy/Encryption methods, and provide appropriate passwords.
        Note: SHA1 is a FIPS-compliant authentication method. AES128, AES192, and AES256 are FIPS-compliant Privacy/encryption methods.
      • Complete the Network Sonar Wizard using the updated credentials.
  9. If all monitored objects and network discoveries are FIPS-compliant, click Restart now to restart all relevant SolarWinds services.

 

Enabling FIPS manually using gpedit.msc

    1. Click Start>Run. Then type gpedit.msc and press enter.

    2. Go to Local Computer Policy>Computer Configuration>Windows Settings>Securtiy Settings>Local Policies>Security Options>

    3. Disable System Cryptography: Use FIPS Compliant algorithms for encryption

Last modified
18:07, 4 Dec 2015

Tags

Classifications

Public