Hello,
I am researching FIPS mode on our NetApp clusters and am trying to determine whether or not to enable it. I would love to hear recommendations or insights from anyone who has done this. I plan to test on a simulator but am not sure what to test. What potential functionality could be negatively impacted by making this change? I've read the articles below. Any thoughts appreciated! Thank you.
https://www.netapp.com/media/10674-tr4569.pdf
1 ACCEPTED SOLUTION
Drew_C has accepted the solution
Good question. Whatever I am reading so far on "SNMP & FIPS Mode": FIPS mode requires Simple Network Management Protocol version 3 (SNMPv3) with the authentication and privacy protocol option (As SNMP version 1 and version 2 use a "community" string mechanism, which is sent as clear text between an SNMP manager and an SNMP agent and hence forbidden by FIPS).
FIPS-Compliant Algorithm for SNMPv3 Communication:
authentication protocol = sha
privacy protocol = aes128
Steps to configure SNMPv3 users in a cluster for Ontap 9: (FIPS mode)
https://docs.netapp.com/us-en/ontap/networking/configure_snmpv3_users_in_a_cluster.html#snmpv3-security-parameters
To find out in my environment, I went to system manager, settings, and then under snmp, I noticed we have community string enabled with "NO SNMPv3" user configured under snmpv3 tab, so that's a clear indication that our environment is using v1 & v2 and of course FIPS disabled.
9 REPLIES
Generally speaking, it usually does not hurt to enable FIPS mode. It removes unsecure ciphers/exchanges for SSH and removes older SSL items. I have heard it can affect LDAP (usually in a positive way with the manipulation it provides).
I almost always enable FIPS mode when setting up a new cluster for my customers. I have never had to turn it off.
OK thanks @TMACMD . We still have a few legacy Windows boxes and I wonder about them being affected in particular, in some unknown way. Specifically we still have a handful of Windows Server 2003/2008R2 boxes we're trying to get rid of. But from what you're saying, it sounds like this is only about our ability to SSH into NetApp clusters. I've never configured LDAP settings since we've started using NetApp so I doubt that's a factor. We still have SMB1 enabled on three older CIFS Servers but it doesn't sound like that has an impact?
Anyone else have a comment? Has anyone experienced issues with enabling this?
I don't have personal experience to share, but here are a few pointers that may hopefully help influence your decision.
Does enabling FIPS cause any issues with NFS/CIFS Protocols?
https://kb.netapp.com/onprem/ontap/da/NAS/Does_enabling_FIPS_cause_any_issues_with_NFS_or_CIFS_Protocols
No, NFS and CIFS do not use SSL/TLS encryption. FIPS mode enforces security of SSL/TLS traffic.
Related kb/discussions:
https://kb.netapp.com/onprem/ontap/da/NAS/While_FIPS_is_enabled_on_Data_ONTAP_9.0_%2C_users_are_unable_to_SSH_into_the_cluster_or_node
https://kb.netapp.com/onprem/ontap/os/After_enabling_FIPS_the_following_error_is_received%3A_Cannot_enable_the_HTTP_protocol_because_FIPS_is_enabled
https://kb.netapp.com/mgmt/OTV/SRA/SRM_planned_migration_fails_after_configuring_FIPS
https://kb.netapp.com/onprem/ontap/os/SSH_public_key_authentication_fails_on_FIPS_enabled_cluster
https://community.netapp.com/t5/ONTAP-Discussions/FIPS-mode-any-issues-after-enabling/m-p/134184
https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-9-3P15-Enabling-FIPS-Mode/m-p/153565
@Ontapforrum this is extremely helpful! Great list of links. I read through them and they gave me a better sense of this change.
Couple of additional questions:
1. Regarding System Manager, I use HTTPS but the article says you have to have a digital cert. Even though we use a cert manager, the browser still sees them as invalid (for some reason) so we still get the warning each time we log in to a cluster. Would FIPS hiccup on that?
2. Would FIPS impact Active IQ Unified Manager, SnapCenter, the SnapCenter VMware Plug-In, the OnTAP Tools VMware Plug-In, or the old SnapDrive tool? (SnapDrive is unfortunately still in use on some old 2008R2 servers due to compatibility issues). NOTE: OnTAP Tools connections use TLS/443 so I think we're good there.
3. Any issues with PowerShell toolkit commands? I'm using version 9.11.1.2208. I'm guessing the fix mentioned in one of your links isn't needed anymore since it was posted in 2017/2018 - I'm assuming the toolkit has been patched by then to 'just work'. Am I correct?
A couple things:
1. Anything that uses SSL may be affected. It depends on the TLS version negotiations that take place. Enabling FIPS removes older TLS versions.
2. Enabling FIPS: if I recall, 9.8 and lower require every node to be rebooted (takeover/giveback). 9.9.1 and higher is done on the fly; no reboot needed.
One additional thought. The article below says (under "View FIPS Compliance Status") that "A reboot is required to make sure that all applications in the cluster are running the new security configuration, and for all changes to FIPS on/off mode, protocols, and ciphers." This seems to imply that, despite the earlier note that reboots aren't required after 9.9.1, they actually are required if you want to "make sure" it is working. Am I missing something?
Just started trying to enable FIPS on the simulator and read through this error. We use SNMP but have no idea which version we are using. I suspect v1 or v2c but have no way of determining it. Any ideas?
Warning: This command will enable FIPS compliance and can potentially cause some non-compliant components to fail. MetroCluster and Vserver DR require FIPS to be enabled on both sites in order to be compatible. An SNMP users or SNMP traphosts that are non-compliant to FIPS will be deleted automatically. An SNMPv1 user, SNMPv2c user or SNMPv3 user (with none or MD5 as authentication protocol or none or DES as encryption protocol or both) is non-compliant to FIPS. An SNMPv1 traphost or SNMPv3 traphost (configured with an SNMPv3 user non-compliant to FIPS) is non-compliant to FIPS. Incoming web service requests over the insecure HTTP protocol will be rejected.
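The compliance rule quoted in the warning above (and the sha/aes128 requirement from the accepted solution), as an added Python example that is not part of this thread; the SNMP user records are constructed for illustration, not real cluster output, so an admin would substitute the users listed on their own cluster:

```python
"""Audit SNMP users against the FIPS rule ONTAP prints when enabling FIPS:
SNMPv1/SNMPv2c users are non-compliant; SNMPv3 users are non-compliant when
authentication is none/MD5 or privacy is none/DES. Compliant SNMPv3 users
use sha for authentication and aes128 for privacy (per the accepted answer).
Added example with constructed records; not NetApp code."""
from dataclasses import dataclass

FIPS_AUTH = {"sha"}       # authentication protocols the thread names as FIPS-compliant
FIPS_PRIV = {"aes128"}    # privacy protocols the thread names as FIPS-compliant


@dataclass(frozen=True)
class SnmpUser:
    name: str
    version: str            # "v1", "v2c" or "v3"
    auth: str = "none"      # "none", "md5", "sha"
    priv: str = "none"      # "none", "des", "aes128"


def fips_issues(user):
    """Return the reasons this user would be deleted when FIPS is enabled
    (empty list means the user survives the change)."""
    issues = []
    if user.version in ("v1", "v2c"):
        # community-string users are always non-compliant; nothing else to check
        issues.append(f"{user.version} community-string user")
        return issues
    if user.auth.lower() not in FIPS_AUTH:
        issues.append(f"auth protocol '{user.auth}' not FIPS-compliant (use sha)")
    if user.priv.lower() not in FIPS_PRIV:
        issues.append(f"privacy protocol '{user.priv}' not FIPS-compliant (use aes128)")
    return issues


def audit(users):
    """Map each user name to its list of FIPS issues."""
    return {u.name: fips_issues(u) for u in users}


# Constructed sample: what an admin might find before flipping FIPS on.
SAMPLE_USERS = [
    SnmpUser("public", "v2c"),                       # classic community string
    SnmpUser("monitor", "v3", "md5", "des"),         # SNMPv3 but weak protocols
    SnmpUser("traphost-ro", "v3", "sha", "none"),    # auth only, no privacy
    SnmpUser("ops", "v3", "sha", "aes128"),          # compliant
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_USERS).items():
        print(f"{name}: {'OK' if not issues else '; '.join(issues)}")
```

Running it lists which users FIPS enablement would silently delete, which is the check worth doing on the simulator before touching production.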
Thanks @Ontapforrum . Well, we have a community string so I guess I need to do some research on SNMPv3 before moving forward with the FIPS change. Thank you for your thoughts!
