ACLI Commands

These ACLI commands and parameters support FIPS compliance.

show security fips

The show security fips ACLI command displays the FIPS state. The following is an example of Acme Packet platform output.

ACMEPACKET# show security fips

*************************************************************
***    System is in FIPS 140-2 level-2 compatible mode.   ***
*************************************************************
ACMEPACKET#

The following is an example of VME output:

ACMEPACKET# show security fips

*************************************************************
***    System is in FIPS 140-2 level-1 compatible mode.   ***
*************************************************************

If the Oracle® Enterprise Session Border Controller transitions from FIPS 140-2 to non-FIPS mode due to a self-test failure, the system is no longer accessible and you must use the Oracle Rescue Account and perform a manufacture reset on the module. For more information on performing a manufacture reset, see Accessing the Oracle Rescue Account.

ACMEPACKET# show security fips  

************************************************************
*** System is NOT in FIPS 140-2 level-2 compatible mode. 
*** FIPS Error - Software image integrity check failed 
************************************************************ 
ACMEPACKET#

The following example displays some of the error messages you may see:

AES CBC with 128 bit key test failed.
AES CBC with 192 bit key test failed.
AES CBC with 256 bit key test failed.
AES CTR with 128 bit key test failed.
AES CTR with 192 bit key test failed.
AES CTR with 256 bit key test failed.
3DES CBC test failed.
SHA1 test failed.
SHA256 test failed.
HMAC-SHA1 test failed.
HMAC-SHA256 test failed.
Continuous DRBG failed.
DRBG with known entropy failed.
DRBG instantiate health test failed.
DRBG reseed health test failed.
DRBG generate health test failed.
DRBG conditional test failed.
BCM RNG test failed.
RSA crypto failed.
RSA pairwise consistency test failed.
RSA pairwise consistency Conditional test failed.
Software image integrity check failed.
BCM security processor not present.
HiFN not present on media phy card.
HiFN not present on wancom.
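
The following Python is an added example, not part of the Oracle documentation or tooling. It parses captured show security fips output for a compliance monitor, reporting the FIPS state, the level, and any reported self-test error. The function names are hypothetical, the sample outputs are constructed from the examples above, and the "FIPS Error - " line prefix is assumed from the single failure example shown.

```python
import re

# Constructed sample outputs, modelled on the examples shown above.
SAMPLE_OK = """\
ACMEPACKET# show security fips

*************************************************************
***    System is in FIPS 140-2 level-2 compatible mode.   ***
*************************************************************
"""

SAMPLE_FAIL = """\
ACMEPACKET# show security fips

************************************************************
*** System is NOT in FIPS 140-2 level-2 compatible mode.
*** FIPS Error - Software image integrity check failed
************************************************************
"""

# Assumption: error lines always carry the "FIPS Error - " prefix seen above.
STATE_RE = re.compile(r"System is (NOT )?in FIPS 140-2 level-(\d) compatible mode")
ERROR_RE = re.compile(r"FIPS Error - (.+?)[\s*]*$")


def parse_fips_status(output):
    """Return {'fips_mode': bool or None, 'level': int or None, 'errors': [str]}."""
    result = {"fips_mode": None, "level": None, "errors": []}
    for line in output.splitlines():
        state = STATE_RE.search(line)
        if state:
            result["fips_mode"] = state.group(1) is None
            result["level"] = int(state.group(2))
            continue
        error = ERROR_RE.search(line)
        if error:
            result["errors"].append(error.group(1).rstrip(". "))
    return result


def is_compliant(output, required_level):
    """Fail closed: unparseable output, any error or a wrong level is non-compliant."""
    s = parse_fips_status(output)
    return s["fips_mode"] is True and s["level"] == required_level and not s["errors"]


if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("fail", SAMPLE_FAIL)):
        print(name, parse_fips_status(text), is_compliant(text, 2))
```

Pass required_level as 2 for Acme Packet platforms and 1 for VME, matching the levels shown in the examples above.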

show security ssm-accelerator

The show security ssm-accelerator command displays the SSM status on the E-SBC, allowing you to verify offloading to Nitrox. The following is an example of Acme Packet platform output:

ACMEPACKET# show security ssm-accelerator
SSM (Signaling Security Module) V3 present.

Driver Version: 5.3.1

Driver Compile time defines
----------------------------
MAIN LINE PROTOCOL used : SSL
MICROCODE used : MC2

------------------------------------------------------------------------
                             SSL Record Processing
------------------------------------------------------------------------
                      Record Encrypt           Record Decrypt
Packet Requests:                0                       0
Packet Aborts:                  0                       0
Bytes In:                       0                       0
Bytes Out:                      0                       0
------------------------------------------------------------------------

                       Crypto Processing
------------------------------------------------------------------------
                           Encrypt                 Decrypt
Packet Requests:                0                       0
Packet Aborts:                  0                       0
Bytes In:                       0                       0
Bytes Out:                      0                       0
------------------------------------------------------------------------
                              HMAC
Packet Requests:                0
Packet Aborts:                  0
Bytes In:                       0
Bytes Out:                      0

ACMEPACKET#