Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.6.2 HF1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0, 11.6.0 HF5, 11.5.2, 11.5.1 HF6
Opened: Sep 18, 2014 Severity: 2-Critical Related Article:
K16724
Install of FIPS exported key files (.exp) on one BIG-IP causes device group sync to fail.
Device group sync failed.
With two or more FIPS BIG-IPs configured in a device group, install a correct FIPS exported key file (.exp key) on bigip1. This exp file must be from a FIPS box belonging to the same FIPS security domain.
Copy the FIPS .exp file to the peer. Install this .exp key file on the peer also, similar to how it was installed on the first BIG-IP.
FIPS exported keys can now be successfully installed in FIPS cards without causing config-sync failure.