ATM_ID: B5659C12-A6AB-11EC-96C2-7D98BEA7DE52

MFF:

PLANNEDTIMESTAFF:

ID: Not_to_use_for_any_Dashboard/Deprecated/FS_22.205_FIPS/14570

TESTCASE_HEADLINE: When IPsec setting ( ESP Encryption as :Null and PFS:- None) is configured against FIPS ONLY mode and when user tries to enable FIPS ONLY through SNMP, check if FIPS ONLY is mode is getting enabled.

GROUP:

FEATURE:

SUB_FEATURE:

INPUT: <p>&nbsp;1. Login as Admin, Navigate to device EWS -- Properties -- Security -- IPsec page.</p><p>&nbsp;&nbsp;2. Create New Action with IKE Keying Method; choose ESP Encryption as :Null and PFS:- None; SHA-256 in Hash algorithm and save this Configured Settings.</p><p>&nbsp;&nbsp;3. Define IPsec policy with Host groups- Any; Protocol Groups- All; and with newly created action(in above step-2).</p><p>&nbsp;&nbsp;4. Enable IPSEC and save the settings.</p><p>&nbsp;&nbsp;5. FIPS is in disabled mode.</p><p>&nbsp;&nbsp;6. Ensure that NO other FIPS constraint settings are configured except IPsec setting ( ESP Encryption as :Null and PFS:- None).</p>

PROCEDURE: <p>&nbsp;&nbsp;1. Opened Linux terminal for providing SNMP SET command for enabling FIPS ONLY mode</p><p>&nbsp;&nbsp;2. FIPS ONLY mode :- snmpset -v2c -cprivate 13.61.22.150 1.3.6.1.4.1.253.8.53.5.2.1.2.1 i 2325 1.3.6.1.4.1.253.8.53.5.2.1.3.1 s OI=1.3.6.1.4.1.253.8.53.13.2.1.6.1.180.11:OV="1": 1.3.6.1.4.1.253.8.53.5.2.1.7.1 s 12345</p><p>&nbsp;&nbsp;3. On providing this set command; check if the SNMP command is getting SET successful and also check if FIPS ONLY mode is getting enabled.</p>

OUTPUT: <p>3 (i) SNMP SET command should be set successfully without throwing any error message in the SNMP linux terminal.<br />
(ii) FIPS Only mode should be enabled in the device.</p>

PROCESS:

PRIORITY:

TEST_TYPE: manual

LOE:

RESOURCE_HW:

RESOURCE_CONSUMEABLES:

RESOURCE_MEDIA:

SKILL_SET:

TEST_CASE_TYPE: testcases

TESTCASE_SOURCE:

SPEC: FIPS 140-3 Certification

SPEC_VERSION: 1.0001

SPEC_TAG: [22.205.095] (FT-27164, FT-29598, FT-28756) {DY 7.6, DY 7.8} Any change to enable FIPS mode of operation on a machine via SNMP (to the MIB) shall be rejected if a FIPS configuration check would report an exception or failure due to conflicting settings.  
[22.205.100] (FT-27164, FT-29598, FT-28756) {DY 7.6, DY 7.8} When the MFP’s FIPS configuration setting is changed (via the WebUI and SNMP) from disabled to either ‘FIPS only’ enabled or ‘FIPS with CC mode’ enabled, then the device shall check all enabled/active protocol/feature/functions leveraging security encryptions and hashes for the corresponding level of compliance regardless of the previous configuration. 

ATM_OWNER:

APPROVE_QE:

APPROVED_QE:

APPROVE_SE:

APPROVED_SE:

APPROVE_SPAR:

APPROVED_SPAR:

ASSOCIATED_TESTCASES:

TRAINING:

TESTCASE_VERSION:

TESTCASE_STATE:

TESTCASE_PLATFORM:

TESTCASE_PRODUCT: canyon, carroll, corvo, kiska, mystic, melody

TESTCASE_FAMILY:

TESTCASE_APPROVALS:

CDATE: 1647601695

MDATE: 1647601695, 1651240582, 1742818693

MUSER: USWU60000, USWU60000, w3K3WRKH

AUTHOR: USWU60000

ATM_MCOMMENTS: Imported from spreadsheet, Renamed from "DPQA_NewFeature/D7.6/FT-27164_Mocana_TrustCore_2020_FIPS_140-3_modules_for_Alexandra/161804"., Renamed from "WFAST_Connectivity/Testcases/FS_22.205_FIPS_140-3_Certification/14570".

HISTORY:

ATM_LOCKED:

ATM_REQLINK: 3C6FE804-1CF3-11EC-B707-61040BE4A572, 3C8FDB28-1CF3-11EC-B707-61040BE4A572

ATM_REQCOUNT: 2

QA_TEAM:

TC_WEIGHTAGE:

FILENAME:

FILEDESC:

FILES:

RELEASE:

AUTOMATION_GROUP:

TESTCASE_STEPS_ARE_RELATED_TO:

REASON_FOR_AUTOMATABLE:

PRECONDITION_TO_BE_DONE:

ACTION_TO_BE_DONE:

COMMON_FUNCTIONALITY:

COMMONALITY_DETAILS:

CONSTRAINTS_DAR: IMP-98 by Karthika dated on 25-12-2022

DEVELOPMENT_COMPLETE_TIME:

PO_SIGNOFF_DATE:

COMPLEXITY_PRECONDITIONS:

COMPLEXITY_OUTPUT_VALIDATION: non_outliers

AUTOMATABLE: yes

TESTCASE_MODIFICATION_REQUIRED:

APTEST_UPDATE_STATUS:

DEVICE_CATEGORY: common

TC_WORK_LOCATION_CAT: work_from_home_tc

AUTOMATION_TC_VALIDATION:

COMPETENCY: wfast_connectivity

APTEST_TRACKING: yes

AUTOMATION_CANDIDATE: no