Manual Chapter : F5 HSM/FIPS Platform Implementations

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3

BIG-IP LTM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3

BIG-IP AFM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3

BIG-IP DNS

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3

BIG-IP ASM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3
Manual Chapter

F5 HSM/FIPS Platform Implementations

F5 HSM/FIPS implementations overview

F5 offers several Federal Information Processing Standard (FIPS) 140-2 or 140-3 solutions. For specifics on the platforms, software versions, FIPS Certificates, and document for each solution, see
f5.com/about-us/certifications
.
Unless otherwise specified, FIPS validation refers to either FIPS 140-2 or FIPS 140-3.
These solutions are based on the system configuration and license you use:
FIPS BIG-IP Platform Module
This is a FIPS validated BIG-IP ®system. This system requires a Full-Box FIPS add-on license. Also referred to as Platform FIPS. This system provides FIPS validation without the performance impact of using an embedded HSM.
BIG-IP System with FIPS Validated Network HSM
This is a BIG-IP system that uses an external FIPS validated Network HSM. This system requires an External Interface and Network HSM add-on license. Also referred to as Network FIPS. This system provides the ability for any BIG-IP system to support validated FIPS traffic.
FIPS BIG-IP Software Module
This is a FIPS validated virtual BIG-IP system. This system requires a FIPS 140-3 Level 1 Virtual add-on license. Also referred to as VE FIPS. This provides a validated platform with the flexibility of a virtual appliance.
The following solutions are based on the appliance including an embedded FIPS validated HSM:
FIPS BIG-IP with Embedded HSM
This is a BIG-IP system with an on-board FIPS validated HSM. This system does not require any specific add-on licenses and requires only a BIG-IP software license that is valid for the specific platform. Also referred to as Embedded FIPS. This provides the increased FIPS level that are available with an embedded FIPS HSM.
FIPS BIG-IP Platform with Embedded HSM
This is a BIG-IP system with an on-board FIPS validated HSM which is also licensed with the Platform FIPS license. It provides the performance of the Platform FIPS with the increased FIPS level of the Embedded HSM. This system requires a Full-Box FIPS add-on license. Also referred to as Dual FIPS.