Enable and Verify FIPS-CC Mode Using Workspace ONE on iOS Endpoints
Focus
Focus
GlobalProtect

Enable and Verify FIPS-CC Mode Using Workspace ONE on iOS Endpoints

Table of Contents

Enable and Verify FIPS-CC Mode Using Workspace ONE on iOS Endpoints

Use the following steps to enable and verify FIPS-CC mode for GlobalProtect™ on iOS endpoints using Workspace ONE.
To enable FIPS-CC for iOS and Android endpoints, you must use the GlobalProtect version GlobalProtect for Governments. Contact Palo Alto Support and create a case to access the GlobalProtect for Governments version, which is privately distributed.
  1. Enable FIPS mode for iOS endpoints.
    1. Configure Workspace ONE for iOS endpoints.
    2. From the Workspace ONE console, modify an existing Apple iOS profile or add a new one.
      • Select ResourcesProfiles & BaselinesProfilesADD, then Add Profile.
      • Select iOS from the platform list.
      • Select Device Profile from the Select Context Window.
    3. On the ResourcesProfiles & BaselinesProfiles page, select the <iOS profile> for which you want to enable FIPS-CC mode.
    4. Configure the General, VPN, and Credentials (Optional) settings for the <iOS profile> that you want to create.
    5. On the VPN page, under Custom Data:
      • Specify the Key value as enable-fips-cc-mode.
      • Set the Value to Yes.
    6. Save and Publish your changes.
      After you enable the FIPS-CC mode on the Workspace ONE console, the console pushes the updated FIPS-CC mode configuration to the iOS endpoints.
    7. Ensure that the updated configuration is pushed from the console to the iOS endpoints. On the iOS endpoint, select SettingsGeneralVPN & Device ManagementVPN. The VPN Configuration screen displays the latest configuration.The following screenshot shows an example of VPN configuration.
  2. Verify that FIPS-CC mode is enabled on the GlobalProtect app.
    1. Launch the GlobalProtect app.
    2. From the status panel, open the settings dialog (
      ).
    3. Select About.
    4. Verify that FIPS-CC mode is enabled. If FIPS-CC mode is enabled, the About dialog displays the FIPS-CC Mode Enabled status.
      If FIPS-CC mode could not be enabled successfully, the About dialog displays the FIPS-CC Mode Failed status.
    You cannot disable the FIPS-CC mode on iOS endpoints. To disable the FIPS-CC mode, you must remove the iOS device from the respective configuration profile through the Workspace ONE console.
  3. View the logs to view the GlobalProtect app logs related to FIPS-CC mode on iOS endpoints.
  4. View, collect, and send the logs to the administrator to troubleshoot and resolve the issues related to FIPS-CC mode on iOS devices.