Bug ID 480113: Install of FIPS exported key files (.exp) causes device-group sync failure

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4

Fixed In:
12.0.0, 11.6.0 HF5, 11.5.2, 11.5.1 HF6

Opened: Sep 18, 2014
Severity: 2-Critical
Related AskF5 Article:
K16724

Symptoms

Install of FIPS exported key files (.exp) on one BIG-IP causes device group sync to fail.

Impact

Device group sync failed.

Conditions

With two or more FIPS BIG-IPs configured in a device group, install a correct FIPS exported key file (.exp key) on bigip1. This exp file must be from a FIPS box belonging to the same FIPS security domain.

Workaround

Copy the FIPS .exp file to the peer. Install this .exp key file on the peer also, similar to how it was installed on the first BIG-IP.

Fix Information

FIPS exported keys can now be successfully installed in FIPS cards without causing config-sync failure.

Behavior Change