There is a global setting for FIPS compliance for load balancers. By default, the setting is turned off to improve performance.
Changing the global configuration for FIPS compliance for load balancers affects new load balancer instances, but does not affect any existing load balancer instances.
If the global setting for FIPS for load balancer (lb_fips_enabled) is set to true, new load balancer instances use modules that comply with FIPS 140-2. Existing load balancer instances might be using non-compliant modules.
To make the change take effect on existing load balancers, you must detach and reattach the load balancer from the tier-1 gateway.
You can check the global FIPS compliance status for load balancer using GET /policy/api/v1/compliance/status.

    ...
    {
      "non_compliance_code": 72024,
      "description": "Load balancer FIPS global setting is disabled.",
      "reported_by": {
        "target_id": "971ca477-df1a-4108-8187-7918c2f8c3ba",
        "target_display_name": "971ca477-df1a-4108-8187-7918c2f8c3ba",
        "target_type": "FipsGlobalConfig",
        "is_valid": true
      },
      "affected_resources": [
        {
          "path": "/infra/lb-services/LB_Service",
          "target_id": "/infra/lb-services/LB_Service",
          "target_display_name": "LB_1",
          "target_type": "LBService",
          "is_valid": true
        }
      ]
    },
    ...
Note: The compliance report displays the global setting for FIPS compliance for load balancer. Any given load balancer instance can have a FIPS compliance status that is different from the global setting.
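The following added example (not part of the original documentation or the product's own code) shows one way to pull the load balancer FIPS finding out of a saved compliance status response and list the load balancer services it names. The enclosing "non_compliant_configs" key, the second sample entry, and the function names are assumptions made for this example. Because the report reflects only the global setting, the services it lists are the ones to review, not proof of each instance's actual FIPS state.

```python
import json

LB_FIPS_DISABLED = 72024  # non_compliance_code shown in the excerpt above

# Constructed sample. The 72024 entry follows the excerpt on this page; the
# enclosing key and the entry with code 99999 are assumptions for this example.
SAMPLE = """
{
  "non_compliant_configs": [
    {"non_compliance_code": 99999, "description": "constructed unrelated entry",
     "affected_resources": []},
    {"non_compliance_code": 72024,
     "description": "Load balancer FIPS global setting is disabled.",
     "reported_by": {"target_type": "FipsGlobalConfig", "is_valid": true},
     "affected_resources": [
       {"path": "/infra/lb-services/LB_Service", "target_display_name": "LB_1",
        "target_type": "LBService", "is_valid": true}
     ]}
  ]
}
"""
SAMPLE_REPORT = json.loads(SAMPLE)

def iter_entries(node):
    """Yield every dict carrying a non_compliance_code, at any nesting depth."""
    if isinstance(node, dict):
        if "non_compliance_code" in node:
            yield node
        for value in node.values():
            yield from iter_entries(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_entries(item)

def lb_fips_findings(report):
    """Return (reported_disabled, [(display_name, path), ...]) for code 72024."""
    reported, affected = False, []
    for entry in iter_entries(report):
        if entry.get("non_compliance_code") != LB_FIPS_DISABLED:
            continue
        reported = True
        for res in entry.get("affected_resources", []):
            if res.get("target_type") == "LBService":
                affected.append((res.get("target_display_name"), res.get("path")))
    return reported, affected

if __name__ == "__main__":
    reported, affected = lb_fips_findings(SAMPLE_REPORT)
    print("global LB FIPS setting reported disabled:", reported)
    for name, path in affected:
        print(f"  listed load balancer: {name} ({path})")
```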