enable cc-mode
To enable Common Criteria mode, use the enable cc-mode command.
enable cc-mode
Syntax Description
This command has no arguments or keywords.
Command Modes
Security mode
Command History
ModificationRelease
Command added.1.1(1)
Usage Guidelines
Connectivity to one or more services may be denied when this command is committed. Also, a reboot of the
system will be required.
Prior to FXOS release 2.0.1, the existing SSH host key created during first-time setup of a device was
hard-coded to 1024 bits. To comply with FIPS and Common Criteria certification requirements, you must
destroy this old host key and generate a new one (see create ssh-server, on page 75 for information about
creating and deleting SSH host keys). If you do not perform these additional steps, you will not be able to
connect to the Supervisor using SSH after the device has rebooted with Common Criteria mode enabled. If
you performed initial setup using FXOS 2.0.1 or later, you do not have to generate a new host key.
Important
Example
This example shows how to enter security mode and enable Common Criteria mode:
FP9300-A # scope security
FP9300-A /security # enable cc-mode
Warning: Connectivity to one or more services may be denied when committed.
Please consult the product's CC Security Policy documentation.
WARNING: A reboot of the system is required in order for the system to be operating in a
CC approved mode.
FP9300-A /security* #
Related Commands
DescriptionCommand
Disables Common Criteria mode.disable cc-mode
Shows current Common Criteria mode administrative and operational states.show cc-mode
Cisco Firepower 4100/9300 FXOS Command Reference
95
A – R Commands
enable cc-mode
To Next Page
Loading...
Need help?
General