Moving FIPS keys from 8900 to 10200

Question

Hello,&nbsp;
According to DOC, it seems likely FIPS-2 keys sync is not possible between 8900 and 10200 due to FIPS hardware difference (no exact platform mention, but it's close enough): https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-platform-fips-administration.pdf?sr=32944290&nbsp;
Important: Because of hardware differences, it is not possible to synchronize security domains between the newer platforms(10000/11000/11050 platforms) and older platforms (6900/8900platforms).&nbsp;
Q: Assuming identical software version and security world configuration - is there an alternate way to move FIPS keys from 8900 to 10200?
Regards,&nbsp;

leonardo_souza · Answer

My understanding is that the limitation is if you want to have the 2 devices in a HA pair, and having them sync automatically the fips keys.&nbsp;
If you just want to migrate the keys to a new hardware:&nbsp;
1 - Initialize the FIPS card in the new device, with same SO and Domain as the old.&nbsp;
2 - Export the keys in the old device&nbsp;
3 - Import the keys in the new device&nbsp;
You will need to know the SO in the old device.&nbsp;
Let me know if you need the commands, as I have some notes I use every time I need to do some stuff with FIPS (and generally, never works in the first time). &nbsp;

Forum Discussion

Moving FIPS keys from 8900 to 10200

1 Reply

Recent Discussions

Problème pool

Problems connecting to vpn after upgrading to ubuntu 24.04

Ansible - Running bash commands with bigip_command module - How it's done

Retrieve Your Lost Bitcoin From CassioBares Recovery

Unable to add R Series as Provider in BIGIP NEXT CM

Related Content

FIPS license and fipsutil info

Moving from Viprion to rseries

Shape Security and Volterra moving to F5 Distributed Cloud Services

Moving Target

Move all objects between different partition