When you enable FIPS mode, any secure communication to or from the NSX Edge uses cryptographic algorithms or protocols that are allowed by United States Federal Information Processing Standards (FIPS). FIPS mode turns on the cipher suites that comply with FIPS.

If you configure components that are not FIPS compliant on a FIPS-enabled edge, or if you enable FIPS on an edge that has ciphers or an authentication mechanism that is not FIPS compliant, NSX Manager fails the operation and provides a valid error message.

| Component | Functionality | FIPS Mode | Non-FIPS Mode |
|---|---|---|---|
| SSL VPN | RADIUS Authentication | Not Available | Available |
| SSL VPN | RSA Authentication | Not Available | Available |
| TLS Protocol | TLSv1.0 | Not Available | Available |
| Routing | OSPF, BGP - Password MD5 Authentication | Not Available | Available |
| IPSec VPN | PSK Authentication | Not Available | Available |
| IPSec VPN | DH2 and DH5 groups | Not Available | Available |
| IPSec VPN | DH14, DH15, and DH16 groups | Available | Available |
| IPSec VPN | AES-GCM Algorithm | Not Available | Available |
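
Because NSX Manager fails the operation when a non-compliant setting is present, it helps to audit an edge's configuration against the table before enabling FIPS mode. The following pre-flight check is an added example, not VMware code; the inventory dictionary layout, its key names, and the sample values are hypothetical and are not the NSX API schema.

```python
# Settings the table above marks "Not Available" in FIPS mode.
BLOCKED_SSLVPN_AUTH = {"RADIUS", "RSA"}
BLOCKED_DH_GROUPS = {"DH2", "DH5"}

def fips_preflight(edge):
    """Return sorted (component, setting, where) tuples that would block FIPS mode.

    `edge` is a hypothetical, simplified inventory dict, not the NSX API schema.
    Only settings listed in the table are flagged; anything else is ignored.
    """
    findings = set()
    for srv in edge.get("sslvpn_auth_servers", []):
        if srv["type"].upper() in BLOCKED_SSLVPN_AUTH:
            findings.add(("SSL VPN", f"{srv['type'].upper()} Authentication", srv["name"]))
    if "TLSv1.0" in edge.get("tls_protocols", []):
        findings.add(("TLS Protocol", "TLSv1.0", "edge"))
    for proto, peers in edge.get("routing", {}).items():
        for peer in peers:
            if peer.get("auth", "").lower() == "md5":
                findings.add(("Routing", f"{proto.upper()} Password MD5 Authentication", peer["name"]))
    for site in edge.get("ipsec_sites", []):
        if site.get("auth", "").lower() == "psk":
            findings.add(("IPSec VPN", "PSK Authentication", site["name"]))
        if site.get("dh_group", "").upper() in BLOCKED_DH_GROUPS:
            findings.add(("IPSec VPN", f"{site['dh_group'].upper()} group", site["name"]))
        if site.get("encryption", "").lower() == "aes-gcm":
            findings.add(("IPSec VPN", "AES-GCM Algorithm", site["name"]))
    return sorted(findings)

# Constructed sample inventory (not real NSX output).
SAMPLE_EDGE = {
    "sslvpn_auth_servers": [{"name": "corp-radius", "type": "radius"},
                            {"name": "local-users", "type": "local"}],
    "tls_protocols": ["TLSv1.0", "TLSv1.2"],
    "routing": {"ospf": [{"name": "area-0", "auth": "md5"}],
                "bgp": [{"name": "peer-a", "auth": "none"}]},
    "ipsec_sites": [
        {"name": "branch-1", "auth": "psk", "dh_group": "dh5", "encryption": "aes256"},
        {"name": "branch-2", "auth": "certificate", "dh_group": "DH14", "encryption": "aes-gcm"},
    ],
}

if __name__ == "__main__":
    for component, setting, where in fips_preflight(SAMPLE_EDGE):
        print(f"{component}: {setting} ({where}) is not available in FIPS mode")
```

An empty result means none of the settings listed in the table were found; it does not confirm that every other setting on the edge is FIPS compliant.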