Bug ID 576314: SNMP traps for FIPS device fault inconsistent among versions.

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8

Fixed In:
12.1.0, 11.6.1, 11.5.4 HF1

Opened: Feb 25, 2016
Severity: 2-Critical

Symptoms

The snmp traps bigipFipsDeviceError and bigipFipsFault are inconsistent among versions.

Impact

The meaning of the trap is that the system is not able to perform any FIPS operations and process FIPS related traffic. You will need to be mindful of which version you are on to interpret the OIDs correctly.

Conditions

This trap is raised if the FIPS device firmware has stopped responding to requests and is no longer functional. The trap is different on the BIG-IP 10350 FIPS platform.

Workaround

None

Fix Information

An SNMP trap is generated when the system has detected a FIPS device fault indicating that said device can no longer service FIPS operations. The OIDs are different across versions and one specific platform. Here is the OIDs and versions: BIGIP-COMMON-MIB::bigipFipsDeviceError .1.3.6.1.4.1.3375.2.4.0.152 This trap means "Encountered error in the FIPS card operation" on all FIPS platforms BIGIP-COMMON-MIB::bigipFipsFault .1.3.6.1.4.1.3375.2.4.0.156 (from v11.5.4-hf1 and 11.6.1, not 12.0.0) BIGIP-COMMON-MIB::bigipFipsFault .1.3.6.1.4.1.3375.2.4.0.166 (from v12.1.0) These traps mean "The FIPS card is currently in faulty state" for the specific FIPS hardware included on the BIG-IP 10350

Behavior Change