https://community.cisco.com/t5/network-access-control/ciso-ise/m-p/4815465#M581182 <P>Hi</P> <P>&nbsp;In ISE 2.4 is possible.&nbsp;</P> <P><A title="https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html#id_82769" href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html#id_82769" target="_self">https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html#id_82769</A>&nbsp;</P> <P>Previous is not&nbsp;</P> <P>FIPS is used for advanced security environment usually government environment.&nbsp; Enable this can have impact in other features.&nbsp; Read the&nbsp; documentation before enable FIPS.&nbsp;</P> Mon, 17 Apr 2023 06:13:08 GMT Flavio Miranda 2023-04-17T06:13:08Z https://community.cisco.com/t5/network-access-control/ciso-ise/m-p/4815457#M581181 <P>Hi,</P><P>How to do the below&nbsp; in cisco ise&nbsp;</P><P><SPAN>disable&nbsp; TLS Version 1.1 Protocol&nbsp;</SPAN></P><P><SPAN>SSL/TLS Diffie-Hellman Modulus&nbsp; from&nbsp; 1024 Bits to 2048 bits</SPAN></P><P>&nbsp;</P><P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cisco ise fips mode.JPG" style="width: 645px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/182120i9A6DF99C684C87CC/image-size/large?v=v2&amp;px=999" role="button" title="cisco ise fips mode.JPG" alt="cisco ise fips mode.JPG" /></span></SPAN></P><P><SPAN>Do I need to enable fips mode&nbsp; to disable tls&nbsp; 1.1?</SPAN></P><P><SPAN>What is the impact of enabling fips mode&nbsp;</SPAN></P><P><SPAN>Thanks</SPAN></P><P>&nbsp;</P> Mon, 17 Apr 2023 05:58:44 GMT https://community.cisco.com/t5/network-access-control/ciso-ise/m-p/4815457#M581181 bluesea2010 2023-04-17T05:58:44Z https://community.cisco.com/t5/network-access-control/ciso-ise/m-p/4815465#M581182 <P>Hi</P> <P>&nbsp;In ISE 2.4 is possible.&nbsp;</P> <P><A title="https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html#id_82769" href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html#id_82769" target="_self">https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html#id_82769</A>&nbsp;</P> <P>Previous is not&nbsp;</P> <P>FIPS is used for advanced security environment usually government environment.&nbsp; Enable this can have impact in other features.&nbsp; Read the&nbsp; documentation before enable FIPS.&nbsp;</P> Mon, 17 Apr 2023 06:13:08 GMT https://community.cisco.com/t5/network-access-control/ciso-ise/m-p/4815465#M581182 Flavio Miranda 2023-04-17T06:13:08Z https://community.cisco.com/t5/network-access-control/ciso-ise/m-p/4816411#M581230 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/306956">@bluesea2010</a>&nbsp;,</P> <P>&nbsp;<STRONG>disable TLS</STRONG> at <STRONG>Administration &gt; Settings &gt; Security Settings</STRONG>, remember that:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Changing TLS.png" style="width: 455px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/182218i37D66A99AA103822/image-dimensions/455x217?v=v2" width="455" height="217" role="button" title="Changing TLS.png" alt="Changing TLS.png" /></span></P> <P class="lia-align-justify">&nbsp;you don't need to disable <STRONG>FIPS</STRONG> to disable <STRONG>TLS</STRONG>.</P> <P class="lia-align-justify">&nbsp;</P> <P class="lia-align-justify">You are able to <STRONG>FIPS Mode = Enabled</STRONG> at <STRONG>Administration &gt; Settings &gt; FIPS Mode</STRONG>.</P> <P class="lia-align-justify">Impacts of <STRONG>Enabling FIPS</STRONG>:</P> <P class="lia-align-justify"><STRONG>1st</STRONG> "<EM>... will cause an<STRONG> Application Server</STRONG> restart on ALL <STRONG>Deployment Nodes</STRONG> ...</EM>":</P> <P class="lia-align-justify"><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Enabling FIPS.png" style="width: 470px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/182238i12124280AD6F59AD/image-dimensions/470x183?v=v2" width="470" height="183" role="button" title="Enabling FIPS.png" alt="Enabling FIPS.png" /></span></P> <P><STRONG>IMPORTANT</STRONG>: <STRONG>FIPS</STRONG> <U>can not be enabled</U> until you remove/edited ALL&nbsp;<STRONG>Allowed Protocols</STRONG> configured to use <STRONG>non-FIPS Compliant</STRONG> ... after <STRONG>FIPS Mode = Enabled</STRONG> and after clicking the <STRONG>Save</STRONG> button, you are able to check the&nbsp;<STRONG>non-FIPS Compliant</STRONG> protocols?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Allow Protocols Non-FIPS Compliant Protocols.png" style="width: 635px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/182239i6E1437C1BCDAC0DD/image-size/large?v=v2&amp;px=999" role="button" title="Allow Protocols Non-FIPS Compliant Protocols.png" alt="Allow Protocols Non-FIPS Compliant Protocols.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;<STRONG>2nd</STRONG> ... please take a look at:&nbsp;<A href="https://community.cisco.com/t5/network-access-control/enabling-fips-on-ise-amp-potential-impact/td-p/4636987" target="_blank" rel="noopener">Enabling FIPS on ISE &amp; potential impact</A>.</P> <P class="lia-align-justify">&nbsp;</P> <P class="lia-align-justify">Hope this helps !!!</P> Tue, 18 Apr 2023 04:02:12 GMT https://community.cisco.com/t5/network-access-control/ciso-ise/m-p/4816411#M581230 Marcelo Morais 2023-04-18T04:02:12Z