How to swap APM Access Profile w/o disconnecting clients? (VPN)
I've modified a copy of an access profile in use for VPN (quite a few changes, thus done using a copy) and would like to swap it without APM disconnecting any clients who connected via the previous access profile. This occurred when I swapped it before - clients who connected via the previous access profile would get disconnected after a few minutes (it varied). Looking at their APM session log, there was a message basically saying the session was terminated due to an access policy mismatch. This was unexpected, and I was told to swap back.
My current plan/recommendation is to purge all sessions right after swapping access profiles to force everyone to reconnect using the new one. However, management isn't keen on that idea and has asked if there's a way to do it without having to do that. Swapping and renaming profiles "should" work, but I'm wondering if the F5 is "smart enough" to notice that and still disconnect sessions in spite of the name being the same.
I'm aware that generally changes shouldn't affect current traffic, but in this case (as seen by the APM session log) it does.
Any ideas? Do you think renaming the new profile to match the current one (after "freeing it up" via swapping/renaming it) will "fool" the F5?