Moving FIPS keys from 8900 to 10200

Question

Hello,&nbsp;
According to DOC, it seems likely FIPS-2 keys sync is not possible between 8900 and 10200 due to FIPS hardware difference (no exact platform mention, but it's close enough): https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-platform-fips-administration.pdf?sr=32944290&nbsp;
Important: Because of hardware differences, it is not possible to synchronize security domains between the newer platforms(10000/11000/11050 platforms) and older platforms (6900/8900platforms).&nbsp;
Q: Assuming identical software version and security world configuration - is there an alternate way to move FIPS keys from 8900 to 10200?
Regards,&nbsp;

leonardo_souza · Answer

My understanding is that the limitation is if you want to have the 2 devices in a HA pair, and having them sync automatically the fips keys.&nbsp;
If you just want to migrate the keys to a new hardware:&nbsp;
1 - Initialize the FIPS card in the new device, with same SO and Domain as the old.&nbsp;
2 - Export the keys in the old device&nbsp;
3 - Import the keys in the new device&nbsp;
You will need to know the SO in the old device.&nbsp;
Let me know if you need the commands, as I have some notes I use every time I need to do some stuff with FIPS (and generally, never works in the first time). &nbsp;

Forum Discussion

Moving FIPS keys from 8900 to 10200

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

FIPS license and fipsutil info

Moving from Viprion to rseries

Shape Security and Volterra moving to F5 Distributed Cloud Services

Moving Target

Migration from i series 10200 with 1 child VCMP to r series 10900 series

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS