Forum Discussion

Cirrocumulus

Nov 16, 2022

Changing Management-ip in an HA pair setup

Hello, I've read this Article: https://support.f5.com/csp/article/K62249587 but I've a question: if the management IP is not involved in Failover Network ot Config Sync, do I need to delete the De...

application delivery

device

management

Mohamed_Ahmed_Kansoh
Nov 16, 2022
kgaigl ,
it is highly recommended to do that in a maintenance Window , specially if you have " voice " services or FTP applications on you Big-ip device.
if your services are web application only , you will not feel by impact during your action.
> I have do this before with 2 devices in HA , on of them was faulty and when getting the RMA new device , I installed it with the other node without any impact.
- I Broke the HA and device Trust and Configure the HA and build the trust from Scratch again , and it worked fine.
> only Follow these KBs :
This you have shared it :
https://support.f5.com/csp/article/K62249587
> Re-build Device Trust :
https://support.f5.com/csp/article/K42161405
but it is better to do it in a maintenance Window.

Regards

Mohamed_Ahmed_Kansoh

MVP

Nov 16, 2022

Hi kgaigl ,
yes , it is a best Practise to Break the device trust even if you do not use the management network in " Config sync or mirroring " Or even if you did not build the device trust between devices by " HA or other Vlans interfaces " Not by using Management ips.
> Before I have implemented a HA between 2 F5 appliances , and I did not use Management interfaces to build the trust " Exchange certificates " , and instead of that I used the " HA" Vlan ips/interfaces , and it works well until now.
> But the issue is :
open ( Device management >>> select Devices >>> Properities TAB) you can see the Peer device name and its management ip address.
So changing management ips without break the trust will make some issues , as the management ip address info is transferred at the first time when building trust.
So the Result is : Management ip address is used to be an identification for appliance.
So you need to break the trust and change your management network as you read in this KB "https://support.f5.com/csp/article/K62249587" , after changing mangement ips , try ti build trust again " use the new mgmt ips / or HA ips " it will work well.

> And After finishing your Trust , and HA settings , and make sure that your apliances become "insync" again.
Navigate
( Device management >>> select Devices >>> Properities TAB)
you should see under properities TAB
The new mgmt ip address of the other Peer , and same thing if you logged in the other appliance.

I hope this helps you.
Regards

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Changing Management-ip in an HA pair setup

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Prepare BIG-IP Central Manager for Automation

Using iControl REST API to manage F5 BIG-IP Advanced Firewall Manager (AFM)

Manage F5 BIG-IP FAST with Terraform (Intro)

Getting Started with BIG-IP Next: Upgrading Central Manager

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 4 - Policy Lifecycle management)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS