The AppGate server uses OpenSSH to encrypt network traffic and OpenSSH in turn uses the OpenSSL libraries for most of its cryptographic operations. It is possible to configure OpenSSH to use OpenSSL in FIPS mode. This means that all code in OpenSSH which is used to encrypt network traffic on the AppGate server will use an embedded FIPS 140-2 level 1 validated cryptographic module (OpenSSL 1.1.2, Certificate #918) running on the AppGate server per FIPS 140-2 Implementation Guidance section G.5 Guidelines.

The AppGate SSL module is currently not able to run in FIPS mode so enabling FIPS mode will disable the SSL mode. The kerberos module is also not FIPS-enabled and will be disabled when FIPS mode is enabled.

FIPS mode can be enabled from the AppGate console. See Section 4.9.3, “Connection Settings” for details.