09-10-2020 08:58 PM
There's a ton of little gotcha moments when you enable FIPS-CC, but the only one that really changes with a HA pair is the requirement to utilize encryption on the HA setup. You'll definitely want to ensure you have that configured prior to actually changing the operational mode to avoid longer downtime and potential split-brain scenario due to the requirement not being met.
I would really try and get your config loaded onto a lab box and verify that you have everything setup properly to FIPS-CC standards (proper cipher suites, ect) prior to actually making this cutover. This will make sure you don't have any extended outage re-configuring things to standard.
