Forum Discussion
Implementing Data Guard
- Aug 03, 2023
There should not be an outage, as the new policy will be applied to incoming sessions. I said "should," though, so if you want to ensure no issues, architecturally, this can be done a couple of ways:
Do you have F5 DNS and 2+ Data Centers for the AWAF?
If so, after proving your new policy with test traffic, make one data center primary, geographically, for several hours with the old policy. When you've verified VERY low to no traffic in the offline DC VIP, apply your new policy to it and then swap all traffic to the new policy (so you don't have to track down mixed results in the event of an issue) in the other DC.
If not, Just do a second VIP for the service with the new policy and change your DNS or NAT to drive traffic to it instead of the original VIP. This allows for VERY simple failback in the event of an issue.
Also, if you do NOT have F5 DNS, F5 Distributed Cloud can offer this in a VERY affordable manner for individual applications, allowing you to fail between cloud providers or data centers or a combination in just a few minutes.
There should not be an outage, as the new policy will be applied to incoming sessions. I said "should," though, so if you want to ensure no issues, architecturally, this can be done a couple of ways:
Do you have F5 DNS and 2+ Data Centers for the AWAF?
If so, after proving your new policy with test traffic, make one data center primary, geographically, for several hours with the old policy. When you've verified VERY low to no traffic in the offline DC VIP, apply your new policy to it and then swap all traffic to the new policy (so you don't have to track down mixed results in the event of an issue) in the other DC.
If not, Just do a second VIP for the service with the new policy and change your DNS or NAT to drive traffic to it instead of the original VIP. This allows for VERY simple failback in the event of an issue.
Also, if you do NOT have F5 DNS, F5 Distributed Cloud can offer this in a VERY affordable manner for individual applications, allowing you to fail between cloud providers or data centers or a combination in just a few minutes.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com