When configuring the system for FIPS operation, the best practice is to perform only basic configuration tasks on the LoadMaster before switching it into FIPS mode. Perform any additional configuration after the system has been switched to FIPS mode and rebooted.

Note: If you have an existing system that is already configured with logins, Virtual Services, SSL certificates, and so on, that you want to use in FIPS mode, follow the procedure in the FIPS Initial Setup Best Practices for a Configured System section. Failure to follow the procedure in the next section could lead to unexpected behavior after moving the system to FIPS mode.
  1. If you have a hardware unit, place the unit in a rack and connect the cables:
    1. Connect the eth0 network interface to a switch. This is the system management interface.
    2. Connect a monitor and keyboard to the system.
    3. Connect any power cables.
    4. Flip the power switch to the "on" position.
    5. Skip step 2, which relates to virtual units.
  2. If you have a virtual unit, start the unit in your hypervisor.
  3. When the boot sequence completes, a login prompt is displayed on the console/monitor. Log in using these credentials:
    1. Userid: bal
    2. Password: 1fourall
  4. The system prompts for the following information:
    1. Set the management IP address (using CIDR format; for example, 192.168.0.11/24).
    2. Set the Nameserver IP address.
    3. Set the Gateway IP address.
    4. If required, set the Proxy IP address (this can be left blank).
  5. Use a browser to connect to https://<IPAddress>, where <IPAddress> is the management IP address assigned in the previous step. This leads you through:
    1. Licensing the system.
    2. Setting a new password for the bal user account.
  6. Set the NTP server address (in System Configuration > System Administration > Date/Time).
  7. Enable Software FIPS Mode:
    1. Go to Certificates & Security > Remote Access > Enable Software FIPS Mode.
    2. Click through multiple confirmation screens.
    3. Reboot (System Configuration > System Administration > System Reboot > Reboot).
  8. Connect to the management IP address and log in as the bal user using the new password you set above.
  9. Set the WUI to use the Default cipher set (Certificates & Security > Remote Access > Outbound Connection Cipher Set).
  10. Set the machine name and DNS domain (System Configuration > Network Setup > Host & DNS Configuration).
  11. Obtain a TLS certificate for the unit using the Hostname set above.
  12. Import the above TLS certificate and assign it as the device management certificate:
    1. Go to Certificates & Security > SSL Certificates > Import Certificate.
    2. When the certificate is imported, select the imported certificate from the Administrative Certificate drop-down list at the bottom of the page and click Use Certificate.
  13. Perform any additional configuration, as required.
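
A pre-import check for steps 10 to 12, as an added example that is not part of the original procedure or the vendor's tooling: it uses the standard `openssl x509` options `-checkend` and `-checkhost` to confirm that the certificate is unexpired and covers the hostname set in step 10 before it is assigned as the Administrative Certificate. The function names, file names and the hostname `lm1.example.com` are assumptions; `make_sample_cert` only builds a constructed self-signed certificate to try the check on.

```sh
#!/bin/sh
# Added example: run on an admin workstation before importing the certificate.
# Requires the openssl CLI (1.1.1 or later for -addext). All names are hypothetical.

# Prints a one-word verdict and returns 0 only if the PEM certificate parses,
# has not expired, and covers the given fully qualified hostname.
check_admin_cert() {
    cert="$1"; fqdn="$2"
    # Reject anything that does not parse as an X.509 certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null \
        || { echo "unreadable certificate"; return 2; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo "certificate expired"; return 3; }
    # -checkhost reports its verdict as text, so match on the output
    # rather than relying on the exit status.
    if openssl x509 -in "$cert" -noout -checkhost "$fqdn" \
            | grep -q "does match certificate"; then
        echo "ok"; return 0
    fi
    echo "hostname mismatch"; return 4
}

# Builds a constructed, self-signed sample certificate (cert.pem/key.pem)
# in the given directory. For trying the check only, never for import.
make_sample_cert() {
    dir="$1"; fqdn="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# Usage: sh check_cert.sh <certificate.pem> <hostname.domain>
if [ "$#" -eq 2 ]; then
    check_admin_cert "$1" "$2"
fi
```

Pass the machine name and DNS domain from step 10 joined as one fully qualified name; a "hostname mismatch" result means the certificate request in step 11 used a different name.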