About operating WhatsUp Gold in FIPS 140-2 mode

There are several important things to take into consideration if you plan to operate WhatsUp Gold in FIPS 140-2 mode:

• WhatsUp Gold does not recommend that you enable FIPS if you plan to use SNMPv1, SNMPv2, or SNMPv3 credentials that do not use encryption or authentication.
• WhatsUp Gold detects a FIPS compliant operating system and places the system in FIPS 140-2 mode automatically upon initial start-up.
• WhatsUp Gold recommends that SSHv2 only be used with FIPS 140-2 certified algorithms, because WhatsUp Gold in FIPS 140-2 mode does not support communications using non-certified algorithms.
• SNMPv3 credentials using MD5 and DES56 are prohibited; you are unable to enable FIPS if SNMPv3 credentials using MD5 exist in the Credentials Library. You must modify or remove such credentials in order to enable FIPS.

  The following are scenarios may occur when you try to enable FIPS 140-2 mode in the Program Options dialog:

  If a message is presented that you have non-compliant SNMPv3 credentials (but you have a compliant SSL certificate):

  This option is disabled because the SNMPv3 credentials are not FIPS compliant. Go to the Credentials Library to edit or remove the SNMP credentials. After editing or removing the credentials, you can enable this option in the Program Options dialog.

  If a message is presented that you have non-compliant SSL certificate (but you have a compliant SNMP credentials):

  This option is disabled because the SSL certificate is not FIPS compliant. Replace your current SSL certificate with a FIPS-compliant SSL certificate. To automatically replace your current SSL certificate with the default FIPS-compliant SSL certificate, click the link in the on-screen messsage. After replacing the SSL certificate, you can enable this option in the Program Options dialog.

  If a message is presented that you have non-compliant SNMPv3 credentials and a non-compliant SSL certificate:

  This option is disabled because the SNMPv3 credentials and the SSL certificate are not FIPS compliant. Go to the Credentials Library to edit or remove the SNMP credentials. Also, replace your current SSL certificate with a FIPS-compliant SSL certificate. To automatically replace your current SSL certificate with the default WhatsUp Gold FIPS-compliant SSL certificate, click the link in the on-screen message. After editing or removing the credentials and replacing the SSL certificate, you can enable this option in the Program Options dialog.

  If a message is presented that confirms you have used the WhatsUp Gold default SSL certificate:

  You have selected to use the default FIPS-compliant SSL certificate in WhatsUp Gold. Your certificate password is not be backed up automatically. Make sure you back up the SSL certificate password before completing this action. The current SSL certificate is backed up as server.crt.bak and server.key.bak.

For more information about SSL certificates in WhatsUp Gold, see About the WhatsUp Gold default SSL certificates.

For more information about the FIPS 140-2 specification, see the U.S. Department of Commerce documentation.

See Also Enabling FIPS 140-2 mode