Changing Client SSL profile

Hi. You should find that changes to the profile will only affect new connections. Existing (and new persistence related) connections will use the old settings until they are closed.

 

 

One profile shouldn't take more than a minute or two (although I don't actually know what you are changing). Obviously doing this at the CLI would be quicker. It might actually be better to create new profiles, it'll be easier to roll back.

 

 

As for pre and post checks I'd suggest the following as a minimum (ideally from the CLI);

 

 

-Check available disk, CPU and memory resources - make a note

 

-Check the logs to make sure the device is stable and nothing that might affect your change is being reported

 

-Check no one else is on the box

 

-Save the config on and off box

 

-Check connection levels to the VS in question - make a note

 

-Check whatever other statistics etc. that you can in relation to the function/objects you are changing

 

-Make sure you have a backout plan

 

-If it's a HA setup, make sure the standby(s) are operational and the config is in sync

 

 

-Make the change

 

 

-Compare everything you recorded pre-change with the post-change state/statistics

 

-Check the logs

 

-Test, test, test