When you enable FIPS mode, any secure communication to or from the NSX Edge uses cryptographic algorithms or protocols that are allowed by the United States Federal Information Processing Standards (FIPS). FIPS mode turns on the cipher suites that comply with FIPS.

If you configure components that are not FIPS compliant on a FIPS-enabled edge, or if you enable FIPS on an edge that has ciphers or authentication mechanisms that are not FIPS compliant, NSX Manager fails the operation and provides a valid error message.

Functionality Difference Between FIPS Mode And Non-FIPS Mode

| Component | Functionality | FIPS Mode | Non-FIPS Mode |
|---|---|---|---|
| SSL VPN | RADIUS Authentication | Not Available | Available |
| SSL VPN | RSA Authentication | Not Available | Available |
| TLS Protocol | TLSv1.0 | Not Available | Available |
| Routing | OSPF, BGP - Password MD5 Authentication | Not Available | Available |
| IPSec VPN | PSK Authentication | Not Available | Available |
| IPSec VPN | DH2 and DH5 groups | Not Available | Available |
| IPSec VPN | DH14, DH15, and DH16 groups | Available | Available |
| IPSec VPN | AES-GCM Algorithm | Not Available | Available |
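
Because NSX Manager fails the operation when a non-compliant setting is present, it helps to audit an edge against the table above before enabling FIPS mode. The following is an added example, not VMware code: the dictionary layout, the `fips_blockers` function and the sample values are hypothetical and do not reflect the NSX API format.

```python
# Hypothetical, simplified edge-config schema (not the NSX API format).
# The sets below hold what the table marks "Not Available" in FIPS mode.
SSLVPN_AUTH_BLOCKED = {"radius", "rsa"}
TLS_BLOCKED = {"tlsv1.0"}
DH_BLOCKED = {"dh2", "dh5"}          # DH14, DH15 and DH16 remain available
IPSEC_ENC_BLOCKED = {"aes-gcm"}


def fips_blockers(edge):
    """Return sorted (component, detail) pairs that would block FIPS mode."""
    found = set()
    for srv in edge.get("sslvpn", {}).get("auth_servers", []):
        if srv["type"].lower() in SSLVPN_AUTH_BLOCKED:
            found.add(("SSL VPN", f"{srv['type'].upper()} authentication"))
    for proto in edge.get("tls_protocols", []):
        if proto.lower() in TLS_BLOCKED:
            found.add(("TLS Protocol", proto))
    for name, cfg in edge.get("routing", {}).items():
        if cfg.get("auth", "").lower() == "md5":
            found.add(("Routing", f"{name.upper()} password MD5 authentication"))
    for site in edge.get("ipsec_sites", []):
        label = site["name"]
        if site.get("auth_mode", "").lower() == "psk":
            found.add(("IPSec VPN", f"{label}: PSK authentication"))
        if site.get("dh_group", "").lower() in DH_BLOCKED:
            found.add(("IPSec VPN", f"{label}: {site['dh_group'].upper()} group"))
        if site.get("encryption", "").lower() in IPSEC_ENC_BLOCKED:
            found.add(("IPSec VPN", f"{label}: AES-GCM algorithm"))
    return sorted(found)


# Constructed sample input for illustration only.
SAMPLE_EDGE = {
    "sslvpn": {"auth_servers": [{"type": "radius"}, {"type": "local"}]},
    "tls_protocols": ["TLSv1.0", "TLSv1.2"],
    "routing": {"ospf": {"auth": "md5"}, "bgp": {"auth": "none"}},
    "ipsec_sites": [
        {"name": "branch-a", "auth_mode": "psk", "dh_group": "dh5",
         "encryption": "aes256"},
        {"name": "branch-b", "auth_mode": "x509", "dh_group": "dh14",
         "encryption": "aes-gcm"},
    ],
}

if __name__ == "__main__":
    for component, detail in fips_blockers(SAMPLE_EDGE):
        print(f"{component}: {detail}")
```

An empty result means none of the settings listed as "Not Available" were found in the supplied configuration.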