Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Restrictions on Secure Web Gateway in FIPS-compliant Mode

You can run Secure Web Gateway in a mode that complies to the Federal Information Processing Standard (FIPS). Under this standard, which has been introduced by United States federal authorities to enhance information processing security, several restrictions are imposed on running the product.

The FIPS-compliant mode is enabled by selecting it during the installation procedure for Secure Web Gateway.

The following restrictions are imposed in this mode:

  • System files integrity — System files, which are files containing settings for functions of the Secure Web Gateway appliance system, cannot be modified.
    An example of a system file is the /etc/hosts file, which contains entries for IP addresses and host names, including the local IP address and host name of the appliance itself.

    In other modes, system files can be edited using the File Editor on Secure Web Gateway. This editor is removed from the user interface in FIPS-compliant mode.

  • Root password not resettable — The root password, which is required for working with the command line interface on a system console that is connected to Secure Web Gateway, cannot be reset.

    Accessing Secure Web Gateway as root administrator on the operating system level is then no longer possible. In other modes, this password can be reset using an option on the troubleshooting menu of Web Gateway.

  • No scheduled jobs for yum commands — Commands of the yum type, which are usually run manually on a system console that is connected to Secure Web Gateway in order to perform product upgrades, cannot be run as scheduled jobs.

    Examples of yum commands are yum upgrade or mwg-switch-repo, which is used to switch to a suitable software repository.
    In other modes, these commands can be run as scheduled jobs, which run unattended at a given time and are configured using the Central Management functions of Secure Web Gateway.

  • No HSM support for SSL scanning — When the SSL scanner is used on Secure Web Gateway to inspect and filter HTTPS traffic, private certificate keys cannot be stored on a Hardware Security Module (HSM), which is a separate physical device that is connected to Secure Web Gateway.

    In other modes, HSM devices for storing private certificate keys can be installed and configured to run with Secure Web Gateway.

For more information about how to install Secure Web Gateway, see Set Up a Physical Appliance.


  • Was this article helpful?