Forum Discussion
Help understanding iHealth status
Well, according to support, the answer is "because". I really felt like I didn't get a straight answer out of support for this question. Like I had to ask the same question 3 times before getting any kind of answer. I'm not sure if they weren't understanding my question or if I wasn't understanding their answer.
Apparently looking at diagnostics won't tell you what's wrong, only what *may* be an issue. It's up to you to dig into each item and determine if you are affected by it. Sort of diminishes the value of iHealth IMHO. Also, apparently iHealth looks at ALL the software on your device, even non-active partitions. It's good practice to keep the old software on the system as a roll back point. Thus, 17.1.0.3 Point Release 3 0.0.4 is still on my system in a non-active partition. The issue is detected in the 17.1.0.3 Point Release 3 0.0.4 which is on my system (though it's not an active partition) so that's also why I'm seeing it.
I just hope I never have to give this diagnostic page to an auditor. I don't want to have to try and explain to the auditor that while the diag SAYS I have 3 critical vulnerabilities, I don't REALLY have them. Then have to go through the process of proving it as well.
I really want to see if deleting the non-active partition off my system will clear the error or not. However, my current plan is to always keep the older version on a non-active partition until it's time to upgrade to the next version. I.e., 17.1.0.3 Point Release 3 0.0.4 will stay on my box until I'm ready to upgrade to 17.1.1 and only then, in one of the first few steps in installing the 17.1.1, I delete the 17.1.0.3 partition.
irbk That's a bummer that it looks at all partitions even if they aren't active. I'm the same as you, always keep the previous working partition until the next upgrade. If you feel that you have to delete the old one you should be fine as long as you have been running on the new one for some time without any issues. Typically auditors do not go off of iHealth but instead they do their own digging and as long as what they're looking for doesn't match anything you are fine. For instance, we got dinged for STP being enabled on the F5 because it could pass this information out of other routed interfaces but because we are in one-arm mode and not in path we don't really have to worry about it.