Implementing Data Guard
BIG-IP AWAF VE Version 16
AWAF is in production having Critical apllications. Now we are going to enable DataGuard, will it effect any services during the change ?
I just want to on safer side if i require downtime for the changes or i can do without downtime.
There should not be an outage, as the new policy will be applied to incoming sessions. I said "should," though, so if you want to ensure no issues, architecturally, this can be done a couple of ways:
Do you have F5 DNS and 2+ Data Centers for the AWAF?
If so, after proving your new policy with test traffic, make one data center primary, geographically, for several hours with the old policy. When you've verified VERY low to no traffic in the offline DC VIP, apply your new policy to it and then swap all traffic to the new policy (so you don't have to track down mixed results in the event of an issue) in the other DC.
If not, Just do a second VIP for the service with the new policy and change your DNS or NAT to drive traffic to it instead of the original VIP. This allows for VERY simple failback in the event of an issue.
Also, if you do NOT have F5 DNS, F5 Distributed Cloud can offer this in a VERY affordable manner for individual applications, allowing you to fail between cloud providers or data centers or a combination in just a few minutes.