Enable FIPS in SolarWinds NTA

You can run SolarWinds NTA in FIPS-compliant (Federal Information Processing Standard) mode to comply with computer security and interoperability standards used by non-military US government agencies and contractors.

For the full list of tested Orion products for international standards for computer security, see this site. For a certification letter of Orion FIPS compliance, contact us with your request.

  • If FIPS compliance is required, SolarWinds recommends that you enable FIPS as part of a fresh install instead of as part of an upgrade.
  • Before you enable FIPS, ensure that the hardware is FIPS-compliant. See the Microsoft Support knowledge base for more information.
  • Not all Orion Platform products are FIPS-compliant. SolarWinds recommends that you install all FIPS-compliant SolarWinds software on FIPS-compliant servers and maintain all non-compliant SolarWinds software on non-compliant servers.
  1. Run the SolarWinds FIPS 140-2 Manager (SolarWinds.FipsManager.exe).

    By default, SolarWinds.FipsManager.exe is located in the C:\Program Files (x86)\SolarWinds\Orion folder.

  2. Complete FIPS configuration:
    1. If an installed product is not FIPS-compliant, click Close, remove any non-compliant Orion Platform products from the FIPS-compliant server, and run the FIPS 140-2 Manager again.
    2. If FIPS 140-2 is disabled, select Enable FIPS 140-2, and click Next.
    3. If the FIPS Manager provides a list of objects or saved network discovery definitions that are not FIPS-enabled, complete the following steps.

      To refresh the list of non-compliant objects after editing the credentials, restart the FIPS 140-2 Manager.

      • Click the non-compliant monitored node, and edit its Polling Method to be FIPS-compliant.
        1. Select SNMPv3 as the SNMP Version.
        2. Select FIPS-compliant Authentication and Privacy/Encryption methods, and provide the passwords.
        3. Click Submit.
      • Click the non-compliant network discovery, and edit SNMP credentials to be FIPS-compliant.
        1. Confirm that all SNMP credentials are SNMPv3. Delete or edit any credentials that are not FIPS-compliant SNMPv3.
        2. Confirm that all SNMP credentials use FIPS-compliant Authentication and Privacy/Encryption methods, and provide the passwords.
        3. Complete the Network Sonar Wizard using the updated credentials.
  3. Restart the server.

While the software is FIPS-compliant, you must choose to use FIPS-compliant polling methods, such as SNMPv3, to monitor and discover nodes.

FIPS-Compliant Methods for SNMPv3

Authentication: SHA1

Privacy or encryption: AES128, AES192, AES256
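
The credential review in step 2 can be prepared ahead of time by checking your own inventory of node and discovery credentials against the methods listed above. The following Python script is an added example, not SolarWinds code and not the FIPS 140-2 Manager's logic; the CSV column names and the sample rows are constructed assumptions, and the allowed methods are copied from the list above.

```python
import csv
import io

# Allowed values copied from the page's "FIPS-Compliant Methods for SNMPv3" list.
FIPS_AUTH = {"SHA1"}
FIPS_PRIV = {"AES128", "AES192", "AES256"}

# Constructed sample inventory; the column names are assumptions, not an Orion export format.
SAMPLE = """name,snmp_version,auth_method,priv_method,auth_password_set,priv_password_set
core-sw-01,3,SHA1,AES256,yes,yes
edge-rtr-02,2c,,,,
dist-sw-03,v3,MD5,DES56,yes,yes
branch-discovery,SNMPv3,sha-1,AES 128,yes,no
"""

def normalize(name):
    """Fold spelling variants such as 'sha-1' or 'AES 128' to the list's form."""
    return "".join(ch for ch in (name or "").upper() if ch.isalnum())

def audit_row(row):
    """Return the reasons one credential row is not FIPS-compliant (empty if it is)."""
    if normalize(row.get("snmp_version")) not in {"3", "V3", "SNMPV3"}:
        # SNMPv1/v2c have no authentication or privacy settings to check further.
        return ["SNMP version is %s, not SNMPv3" % (row.get("snmp_version") or "unset")]
    problems = []
    if normalize(row.get("auth_method")) not in FIPS_AUTH:
        problems.append("auth method %r is not in %s" % (row.get("auth_method"), sorted(FIPS_AUTH)))
    if normalize(row.get("priv_method")) not in FIPS_PRIV:
        problems.append("priv method %r is not in %s" % (row.get("priv_method"), sorted(FIPS_PRIV)))
    for kind in ("auth", "priv"):
        # The inventory records only whether a password exists, never the password itself.
        if normalize(row.get(kind + "_password_set")) != "YES":
            problems.append(kind + " password not provided")
    return problems

def audit(csv_text):
    """Map each non-compliant node or discovery name to its list of problems."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        problems = audit_row(row)
        if problems:
            findings[row["name"]] = problems
    return findings

if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(name + ": " + "; ".join(problems))
```

Entries the script reports still have to be edited in the Orion Web Console or the Network Sonar Wizard as described in step 2.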