F5 BIG-IP 6900 - Recovering FIPS Information after a System Failure

Configuring and Maintaining a FIPS Security Domain
Platform Guide: 6900 and 8900 6 - 7
Recovering FIPS information after a system failure
If one unit of a redundant system fails, the failover unit becomes active and
maintains FIPS information. However, after you replace the failed unit in a
redundant system, you need to restore FIPS information on the replacement
unit.
To copy FIPS information from the currently active original system to a new replacement system
1. Ensure that current BIG-IP software is configured and install your saved UCS on the new replacement system.
   See https://support.f5.com for information on backup and recovery of a BIG-IP UCS file.
2. Connect the currently active unit to the new replacement unit.
3. On the new replacement unit, run the fipsutil -f init command.
   Ensure that you use the exact same security domain that you specified when you initially set up the currently active unit.
4. On the currently active unit, run the fipscardsync peer command.
   This copies the information in the FIPS module from the currently active unit to the new replacement unit.
   Warning: Ensure that you run the fipscardsync peer command from the currently active unit. If you run the fipscardsync peer command from the new replacement unit, you will lose the original FIPS information.
5. On the currently active unit, run configsync to copy the full configuration to the replacement system.
The new replacement system is now ready to function as the failover unit in a redundant system configuration.
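The warning in step 4 can be enforced with a pre-flight guard. The following is an added example, not part of the F5 guide: it assumes the operator passes in the local unit's failover status text (how that text is read depends on the software version), that the replacement unit reports standby, and that FIPS_DRY_RUN and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to run a step of the FIPS recovery procedure on the
# wrong unit. Function names and FIPS_DRY_RUN are hypothetical.

# Map free-form failover status text to active | standby | unknown.
normalize_state() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *active*standby*|*standby*active*) echo unknown ;;  # ambiguous text
        *active*)  echo active ;;
        *standby*) echo standby ;;
        *)         echo unknown ;;
    esac
}

# Print the commands from the procedure that are allowed for a given state.
# Assumption: the new replacement unit is the one reporting standby.
plan_for_unit() {
    case "$(normalize_state "$1")" in
        active)  printf '%s\n' 'fipscardsync peer' 'configsync' ;;
        standby) printf '%s\n' 'fipsutil -f init' ;;
        *)       return 2 ;;
    esac
}

# run_step STATE_TEXT COMMAND...  Returns 0 if allowed, 1 if the command
# belongs to the other unit, 2 if the state cannot be determined.
run_step() {
    state_text=$1; shift
    cmd="$*"
    plan=$(plan_for_unit "$state_text") || {
        echo "refusing: failover state unknown" >&2; return 2; }
    if ! printf '%s\n' "$plan" | grep -Fxq -- "$cmd"; then
        echo "refusing: '$cmd' is not a step for a $(normalize_state "$state_text") unit" >&2
        return 1
    fi
    if [ "${FIPS_DRY_RUN:-1}" = 1 ]; then
        echo "would run: $cmd"      # default: only show what would happen
    else
        $cmd                        # word-split on purpose into command + args
    fi
}
```

With the default dry-run setting, `run_step "$state" fipscardsync peer` only reports what it would do, and it returns non-zero on any unit whose state is not active.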
