Hi Rick,
From our dev team:
FIPS mode is supported in NGRP. Was tested in v13.3.
To configure NGRP in FIPS mode you should perform the following steps (if already in NGRP mode):
- impctl gateway stop
- impctl gateway openssl-fips enable
- impctl gateway start
You must be in NGRP mode to move to FIPS enable (RP mode + NGRP flag on).
In v13.x versions, need to move to NGRP mode first:
- impctl gateway teardown
- impctl gateway ngrp enable
- impctl gateway openssl-fips enable
- impctl boot
Hope this helps.
------------------------------
Rick Teplitz
Manager, Technical Writing
Imperva
------------------------------
Original Message:
Sent: 02-20-2020 17:13
From: Ricardo Lopez
Subject: NGRP - KRP FIPS 140-2 Compliance
Does the NGRP support Kernel Reverse Proxy web traffic decryption in FIPS mode?
Older implementations required a HSM (Hardware Security Module), does a virtual appliance need an HSM?
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Rick
------------------------------