
fazil_faris
Aug 26, 2024

F5 DNS vulnerabilities mitigation

Hello folks,

Good morning,

We found some vulnerabilities in our F5 DNS and are planning to upgrade the device from 15.x to 17.x. DNS is installed in a dedicated VM, and we have LTM, APM and ASM on a different device. I read in an article that 15.x is EOS by this year, so we are upgrading the other devices as well.

This DNS is connected with all other F5 devices, so I need a suggestion or best practice to complete it (upgrade order). If anyone has upgraded to 17.x, please help here.

 

Br

Fafa

  • Hi,

    There are 2 preferred methods that are commonly used to upgrade environments with DNS and LTM.

    Upgrade DNS devices first, immediately followed by upgrading the big3d version on all 'client' devices:
      • Upgrade BIG-IP DNS first.
      • Upgrade the big3d client on each LTM device to bring the big3d client version up to the DNS version.

    Otherwise:

    Upgrade LTM devices first, then upgrade the DNS devices:
      • Upgrade all LTM devices. The .iso includes the matching big3d client for that firmware release.
      • This ensures the big3d client is 'newer or equal to' the BIG-IP DNS device version.
      • At a future time, as required, upgrade the BIG-IP DNS device to match the BIG-IP LTM version.

     

    What should I upgrade first: BIG-IP LTM or BIG-IP DNS? (f5.com)

     

    In your case, I suggest going with LTM first, which is what I usually follow. If DNS is the priority, do the DNS device first, then upgrade big3d.

    Overview of big3d version management (f5.com)

     

    Thanks

    Aswin
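
A pre-flight check for the 'newer or equal to' big3d rule described in the reply above, as an added example that is not part of the original thread or F5's own tooling. The device names, the version strings and the helper names are constructed for illustration; how the big3d versions are collected from each device is left outside the example.

```python
from itertools import zip_longest

# Constructed sample inventory: device name -> installed big3d version.
SAMPLE_BIG3D = {"ltm-a": "15.1.10", "apm-a": "17.1.1", "asm-a": "17.1"}


def version_key(text):
    """Split a dotted version such as '17.1.0' into a tuple of integers."""
    return tuple(int(part) for part in text.strip().split("."))


def at_least(have, want):
    """True when version `have` is newer than or equal to version `want`."""
    # Pad the shorter version with zeros so '17.1' equals '17.1.0'.
    for h, w in zip_longest(version_key(have), version_key(want), fillvalue=0):
        if h != w:
            return h > w
    return True


def big3d_gaps(dns_target, big3d_by_device):
    """Devices whose big3d would be older than the planned DNS version."""
    return sorted(name for name, ver in big3d_by_device.items()
                  if not at_least(ver, dns_target))


def dns_first_plan(dns_target, big3d_by_device):
    """Ordered steps for the DNS-first method, given the current inventory."""
    steps = [f"upgrade BIG-IP DNS to {dns_target}"]
    steps += [f"update big3d on {name}"
              for name in big3d_gaps(dns_target, big3d_by_device)]
    return steps


if __name__ == "__main__":
    for step in dns_first_plan("17.1.0", SAMPLE_BIG3D):
        print(step)
```

An empty result from `big3d_gaps` means every client already satisfies the rule, which is the state the LTM-first method reaches before the DNS upgrade starts.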