When you enable FIPS mode, any secure communication to or from the NSX Edge uses cryptographic algorithms or protocols that are allowed by United States Federal Information Processing Standards (FIPS). FIPS mode turns on the cipher suites that comply with FIPS.
If you configure components that are not FIPS compliant on a FIPS-enabled edge, or if you enable FIPS on an edge that has ciphers or authentication mechanisms that are not FIPS compliant, NSX Manager fails the operation and provides a valid error message.
Functionality Difference Between FIPS Mode And Non-FIPS Mode
Component | Functionality | FIPS Mode | Non-FIPS Mode |
---|---|---|---|
SSL VPN | RADIUS Authentication | Not Available | Available |
SSL VPN | RSA Authentication | Not Available | Available |
TLS Protocol | TLSv1.0 | Not Available | Available |
Routing | OSPF, BGP - Password MD5 Authentication | Not Available | Available |
IPSec VPN | PSK Authentication | Not Available | Available |
IPSec VPN | DH2 and DH5 groups | Not Available | Available |
IPSec VPN | DH14, DH15, and DH16 groups | Available | Available |
IPSec VPN | AES-GCM Algorithm | Not Available | Available |
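
The following is an added example, not VMware code: a pre-check that walks an edge's settings and lists every item the table above marks "Not Available" in FIPS mode, so they can be reconfigured before FIPS is enabled and NSX Manager fails the operation. The dictionary layout and all names in it are a constructed inventory format assumed for illustration, not the NSX API schema.

```python
# Added example: audit an edge inventory against the FIPS/non-FIPS table.
# The dict keys below are a hypothetical inventory format, NOT the NSX API schema.
# Settings that the table does not list are not evaluated.

NON_FIPS_SSLVPN_AUTH = {"RADIUS", "RSA"}   # SSL VPN rows of the table
NON_FIPS_DH_GROUPS = {"DH2", "DH5"}        # IPSec VPN DH rows of the table


def fips_blockers(edge):
    """Return (component, detail) pairs that the table marks 'Not Available' in FIPS mode."""
    found = []
    for server in edge.get("sslvpn_auth_servers", []):
        if server.upper() in NON_FIPS_SSLVPN_AUTH:
            found.append(("SSL VPN", f"{server.upper()} authentication"))
    for version in edge.get("tls_versions", []):
        if version.lower() == "tlsv1.0":
            found.append(("TLS Protocol", "TLSv1.0"))
    for proto in ("ospf", "bgp"):
        for peer in edge.get(proto, []):
            if peer.get("auth", "").lower() == "md5":
                found.append(("Routing", f"{proto.upper()} MD5 password authentication on {peer['name']}"))
    for site in edge.get("ipsec_sites", []):
        name = site["name"]
        if site.get("auth", "").lower() == "psk":
            found.append(("IPSec VPN", f"PSK authentication on {name}"))
        if site.get("dh_group", "").upper() in NON_FIPS_DH_GROUPS:
            found.append(("IPSec VPN", f"{site['dh_group'].upper()} group on {name}"))
        if "gcm" in site.get("encryption", "").lower():
            found.append(("IPSec VPN", f"AES-GCM algorithm on {name}"))
    return found


# Constructed sample inventory for one edge (all names and values are made up).
SAMPLE_EDGE = {
    "sslvpn_auth_servers": ["LOCAL", "RADIUS"],
    "tls_versions": ["TLSv1.0", "TLSv1.2"],
    "ospf": [{"name": "area-0", "auth": "md5"}],
    "bgp": [{"name": "neighbor-1", "auth": "none"}],
    "ipsec_sites": [
        {"name": "site-a", "auth": "psk", "dh_group": "DH14", "encryption": "aes256"},
        {"name": "site-b", "auth": "certificate", "dh_group": "dh5", "encryption": "aes-gcm"},
    ],
}

if __name__ == "__main__":
    for component, detail in fips_blockers(SAMPLE_EDGE):
        print(f"{component}: {detail}")
```

An empty result means none of the table's "Not Available" items were found in the inventory; it does not cover settings outside the table.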