Symptoms

After upgrading a BIG-IP system that is licensed for FIPS 140-2 compliant mode or with the full-box FIPS license, the FIPS mode reported is FIPS 140-3 compliant mode, but FIPS 140-2 and FIPS 140-3 mode is not properly enabled. Also, if you upgrade a BIG-IP system that is licensed for FIPS 140-2 compliant mode or with the full-box FIPS license, and upgrade to version 16.1.2.2 without first re-activating your license, after the upgrade is complete you will be prompted to reboot. After the reboot, FIPS mode will be disabled.

Impact

After the system reboots, the BIG-IP system reports that FIPS 140-3 compliant mode is enabled, but the FIPS mode is not FIPS 140-2 or FIPS 140-3 compliant in this version. If you did not re-activate the license prior to upgrade, the BIG-IP system will prompt you to reboot, and then will start with FIPS mode disabled.

Conditions

-- BIG-IP system running a software version earlier than 16.1.2.2, regardless of hardware or software platform type -- The FIPS 140-2 compliant mode or full-box FIPS license is applied -- Upgrade to version 16.1.2.2

Workaround

If you are upgrading a BIG-IP system that has a FIPS 140-2 compliant mode license applied, do not upgrade to version 16.1.2.2; instead, upgrade to BIG-IP version 16.1.3 or higher if your intention is to upgrade to version 16.x.

Fix Information

None

Behavior Change