Need step-by-step guidance for migrating BIG-IP i2800 WAF to rSeries (UCS restore vs clean build)

Hi Blue_whale​ ,

there's no black or white answer to your question.
With LTM&AWAF you could:

• build a cluster between iSeries and rSeries BIG-IP tenant
• do an UCS restore
• build new

Depends on some factors like planned downtime, maintenance window.

My favorite way is to build a new cluster. Either from UCS with the platform-migrate option, or with automation. Or if the config is very small and LTM only, you could even do a migration with SCF file.
The new cluster requires to have managment port and HA&Sync VLAN to be connected. All other ports are disabled on the switch (or whatever upstream device).
On the cutover date, you just disable switchports on the old cluster, enable on the new - done.
If anything goes wrong, just rollback by disabling/enabling the port on the switch.
Works good with LTM and AWAF. Also with APM if not heavily customized.

Building a cluster with old and new might save you some headaches with complex APM setups.
But adds a lot of steps (complexity) with removing old and adding new cluster members.
And it doesn't allow you the easy rollback option mentioned above.

Regarding your other questions:

• Version compatibility:
  First migrate, upgrade afterwards. Keep your version!
• Interface / VLAN config
  In rSeries VLANs and Interface are configured at the F5OS level. Mapped to the BIG-IP tenant. Self and Floating IPs are configured inside of the BIG-IP Tenant.
• Best approach to migrate and tune ASM polices
  Migrate as described above. Tuning... I could give you a three day lecture on that.
  But it boils down to - keep it simple.
• Common issues:
  You will forgot to migrate something. Legacy setting or whatever. :)

Good luck

Daniel

Daniel provided a great guide!

 

Maybe the only thing I can add is to enforce all the learnings  or you may need to export them and import them in the new system 

https://my.f5.com/manage/s/article/K80004017