Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
yujames
Staff
Staff

Created on ‎03-26-2018 04:35 PM

Article Id 196966

Technical Tip: How to Turn off FIPS for FortiSIEM Windows Agents

Description

This article describes how to disable FIPS in Windows operating system. FIPS mode is a federal requirement for machines that run on government agencies that have sensitive data which protocol and security measures that protect the data are approved by the US government. 


The purpose of this article is to explain how to disable these features on a windows server and allow users to bypass FIPS. FIPS compliant windows servers interfere with the operations/installation of Windows Agent Manager  and the Windows Agent itself.  FIPS uses certain protocols to allow connections, there is currently no work-around other than to disable FIPS operations from the windows server.  This will allow the continuation of operating the Windows Agent Manager.

 

Windows Agent Manager will receive a “Failed to Add FortiSiem service connection to registry” as a result of FIPS being turned on.  FIPS protects the registry from being edited by non FIPS compliant Software.  Microsoft reference links and blog notes (below) explain how to verify the solution. Microsoft has recommended to turn off FIPS mode for any future usage of windows.


Scope
All Windows Agent Manager and Windows Agents
Solution

To disable FIPS in Windows:

1. From 'Run' type gpedit.msc, it will open 'Local Group Policy Editor'.
2. Navigate to 'Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options' in the left pane.
3. Click on 'Security Options' and then select 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' in the right pane.
4. Right-click on this option (System cryptography) and click on 'Properties'.



5. From the 'Properties' dialog, select 'Disabled' radio button under 'Local Security Setting' page.




6. Restart the PC.

 

 

Additional Notes:

Microsoft KB 811833 will describe this for further information:

https://support.microsoft.com/en-us/help/811833/system-cryptography-use-fips-compliant-algorithms-fo...

 

As of 2014, Microsoft has recommended to turn off FIPS mode as well.

https://blogs.technet.microsoft.com/secguide/2014/04/07/why-were-not-recommending-fips-mode-anymore/


Labels:
4240
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.