Symantec™ Endpoint Protection 12.1.3 FIPS 140-2 Deployment Guide

Article:DOC6555  |  Created: 2013-06-03  |  Updated: 2013-06-03  |  Article URL
Article Type


Symantec™ Endpoint Protection 12.1.3 FIPS 140-2 Deployment Guide


Contains information about deploying Symantec Endpoint Protection version 12.1.3 in a FIPS-compliant configuration.

1. Introduction
About Symantec Endpoint Protection and FIPS 140-2 level 1 compliance
Setting up your network and Symantec Endpoint Protection for FIPS 140-2 compliance
2. Deploying Symantec Endpoint Protection for FIPS 140-2 level 1 compliance
About Symantec Endpoint Protection versions that support FIPS 140-2 level 1 compliance
Protecting client-to-server communication
About enabling Windows FIPS mode on clients and servers
Verifying that Windows operates in FIPS mode
Checking and changing the Apache SSL port
Enabling and verifying the SSL port on Symantec Endpoint Protection Manager
Enabling SSL on the clients by adding a management server list
Assigning a management server list to the top-level group
Verifying that clients use SSL to connect to Symantec Endpoint Protection Manager
Protecting server-to-server communication
About the FIPS-compliant Java libraries
About the validated modules
Deploying and using FIPS-compliant mode
Verifying that communications are FIPS-compliant
Protecting remote administration communication
Establishing certificate trust for the reporting website and the management website
Verifying that the websites operate in compliance
Adding your Symantec Endpoint Protection Manager server host name to the Local intranet zone
Disabling Enhanced Security Configuration on Windows 2003 servers
Disabling Enhanced Security Configuration on Windows 2008 servers
3. Best practices and limitations
Best practices for database communications
Best practices when you use an LDAP server with Symantec Endpoint Protection
Enabling SSL connections for an LDAP server
About the limitations on Symantec Endpoint Protection features
About the features that are not supported when you run Symantec Endpoint Protection in a FIPS-compliant manner
A. Troubleshooting SSL communication problems
Issue: New client installations cannot connect to the server
Issue: The management console displays a certificate error when it tries to connect to the SSL reporting site
Issue: After installing the Symantec Endpoint Protection Manager and FIPS Java libraries, console logon fails with the error "Failed to connect to the server"
Issue: Symantec Endpoint Protection Manager receives the error "reporting components could not be initialized"
Issue: My Symantec Endpoint Protection client does not connect to the server
Issue: I can't log on to the server after setting up a deny list under server properties
Issue: On a multi-homed network or a network that uses multiple IP addresses, the remote web console cannot reach the reporting website
Issue: Apache does not start
Issue: Home, Monitors, and Reports Pages are blank when the FIPS mode is turned on


FIPS140-2_Deployment_Gde_SEP12_1_3.pdf (552 kBytes)

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices