Last Modified: Nov 07, 2022
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8
12.1.0, 11.6.1, 11.5.4 HF1
Opened: Feb 25, 2016 Severity: 2-Critical
The snmp traps bigipFipsDeviceError and bigipFipsFault are inconsistent among versions.
The meaning of the trap is that the system is not able to perform any FIPS operations and process FIPS related traffic. You will need to be mindful of which version you are on to interpret the OIDs correctly.
This trap is raised if the FIPS device firmware has stopped responding to requests and is no longer functional. The trap is different on the BIG-IP 10350 FIPS platform.
An SNMP trap is generated when the system has detected a FIPS device fault indicating that said device can no longer service FIPS operations. The OIDs are different across versions and one specific platform. Here is the OIDs and versions: BIGIP-COMMON-MIB::bigipFipsDeviceError .18.104.22.168.4.1.3322.214.171.124.152 This trap means "Encountered error in the FIPS card operation" on all FIPS platforms BIGIP-COMMON-MIB::bigipFipsFault .126.96.36.199.4.1.33188.8.131.52.156 (from v11.5.4-hf1 and 11.6.1, not 12.0.0) BIGIP-COMMON-MIB::bigipFipsFault .184.108.40.206.4.1.33220.127.116.11.166 (from v12.1.0) These traps mean "The FIPS card is currently in faulty state" for the specific FIPS hardware included on the BIG-IP 10350