Forum Discussion

Roy_Jee's avatar
Icon for Nimbostratus rankNimbostratus
Nov 09, 2021

How to find suiteable version for OS upgrade


I want to confirm how to confirm which version is best and stable for an OS version upgrade .Lets say we are upgrading from .Thanks .

3 Replies

  • Well, I will say the upgrade strategy, plan and target version mostly depends upon the requirement, specific use cases and/or any major issues with current version.


    Let's say if any vulnerability is affecting the current version of F5 and it is applicable to your environment, you should look for mitigating the vulnerability. And In most cases the permanent fixes are upgrading F5s to stable version where affected vulnerabilities are fixed.


    The other example I can give is- Planning upgrade for specific use cases. Let's say I want to enable TLS1.3. In such case I would need to have my F5s on at least 14.1.x version for having production level support for TLS1.3. This is because in F5 14.0.0, the BIG-IP system adds limited support for TLS-1.3. Starting in BIG-IP and later, this support was updated to provide production level support for TLS 1.3.


    Now If I am planning to upgrade to any of 14.x version for enabling the TLS-1.3 support, I will check the most stable version under 14.x.


    So basically whenever you are planning for the F5 upgrade for any reason, you should look for most stable version and for this, you should definitely check for release notes of the target versions. In addition to this, you can also check your current F5 version for known vulnerabilities. You can do this by uploading a QKView of your F5 on iHealth. The IHealth report gives you details on any known issues/vulnerabilities, config problems and F5 best practices articles. Also F5 recommend to do this periodically.


    Below are some article for your ref-



    Hope it helps!





  • Thanks Buddy,

    can you please also let me know what is best way to decide on which series (14.x , 15.x , 16.x ) you should upgrade your OS for enabling TLS 1.3 from for i2600 box .

  • While deciding the upgrade, you can upgrade to the point release in target major version. Point release is the one that have most of the defects addressed, and security fixes. Also one more important point, when you decide your target version, it is always recommended to go through its release notes; specially verify the known issues/bugs and see if it applies to you. Kindly go through below F5 articles which may give you more clarify about this.







    Hope it helps!