Turning on FIPS mode in Palo Alto

12/10/2024

SSH to 192.168.1.1 and authenticate with the credentials admin / admin.

Type the command:

debug system maintenance-mode

Type 'y' to confirm. The device will reboot.

SSH back into the device. The login credentials will have changed: the username will be maint and the password will be the serial number of the device.

Use the arrow keys to highlight the enable FIPS mode option and press Enter to select it. A progress bar will appear at the bottom of the SSH window showing the progress of the system reconfiguration, and then the device will reboot again.

When the system comes back online, use the new credentials admin / paloalto to authenticate.

The device will display a banner stating that it is FIPS enabled.

Alternatively, you can run this command in the CLI:

show system info | match operation

If FIPS mode is enabled, the output will be:

operational-mode: FIPS-CC
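
To repeat this check across several firewalls, the added example below (not part of the original post) parses saved show system info output and reports each device's operational mode. The device names and capture text are constructed, and the value normal for a device that is not in FIPS mode is an assumption not shown on this page.

```python
# Added example: audit saved `show system info` captures for FIPS-CC mode.
# Device names and capture text below are constructed for illustration.

REQUIRED_MODE = "FIPS-CC"  # value shown on this page for a FIPS-enabled device


def parse_system_info(text):
    """Parse 'key: value' lines from `show system info` output into a dict."""
    fields = {}
    for line in text.splitlines():
        # Split on the first colon only, so values containing ':' stay intact.
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields


def check_fips(text):
    """Return (status, mode); status is 'ok', 'not-fips' or 'unknown'."""
    mode = parse_system_info(text).get("operational-mode")
    if mode is None:
        # Line absent (empty or truncated capture): never report as compliant.
        return ("unknown", None)
    if mode == REQUIRED_MODE:
        return ("ok", mode)
    return ("not-fips", mode)


def audit(captures):
    """Map device name -> (status, mode) for a dict of capture texts."""
    return {name: check_fips(text) for name, text in captures.items()}


# Constructed sample captures; "normal" is an assumed non-FIPS value.
SAMPLE_CAPTURES = {
    "fw-a": "hostname: fw-a\noperational-mode: FIPS-CC\n",
    "fw-b": "hostname: fw-b\noperational-mode: normal\n",
    "fw-c": "hostname: fw-c\n",                      # mode line missing
    "fw-d": "operational-mode:   FIPS-CC  \r\n",     # CRLF and extra spaces
}

if __name__ == "__main__":
    for name, (status, mode) in sorted(audit(SAMPLE_CAPTURES).items()):
        print(f"{name}: {status} ({mode})")
```

A capture with no operational-mode line is reported as unknown rather than passing, so a failed or filtered-out collection is not mistaken for a compliant device.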