Applies To:
Show VersionsBIG-IP AAM
- 13.0.1, 13.0.0
BIG-IP APM
- 13.0.1, 13.0.0
BIG-IP LTM
- 13.0.1, 13.0.0
BIG-IP AFM
- 13.0.1, 13.0.0
BIG-IP DNS
- 13.0.1, 13.0.0
BIG-IP ASM
- 13.0.1, 13.0.0
About setting up FIPS platforms in a device group
You can configure a device group using two platforms from the same series with a FIPS card installed in each unit. When setting up a FIPS solution on a device group, you install the two systems and can connect to a serial console to remotely manage the systems. In the event that network access is impaired or not yet configured, the serial console might be the only way to access your system.
After you have set up and configured the systems, you can create the FIPS security domain by initializing the HSM and creating a security officer (SO) password. You must configure the same security domain name on all HSMs in the group.
Initializing the HSM in 5000/7000/10200 platforms
Initializing the HSM in 10350 platforms
Initializing the HSM in i5000/i7000 Series platforms
Viewing HSM information using tmsh
Before you synchronize the HSMs
Before you can synchronize the FIPS hardware security modules (HSMs), you must ensure that the target HSM:
- Is already initialized
- Has an identical security domain name
- Does not contain existing keys
- Is the same hardware model
- Contains the same firmware version
Before you run the fips-card-sync command, ensure that you have this information:
- The SO password for the source F5® device
- The SO password for the target F5 device
- The root password for the target F5 device
The target device must also be reachable using SSH from the source device.